> On Monday 17 November 2003 5:42 pm, Jeffrey Laramie wrote:
> > Antony Stone wrote:
> > > iptables -P INPUT DROP
> > > iptables -P FORWARD DROP
> > > iptables -P OUTPUT DROP
> > > iptables -F INPUT
> > > iptables -F FORWARD
> > > iptables -F OUTPUT
> > >
> > > then no IP traffic will be allowed into, out of, or through, the machine.
> >
> > Chandana, Antony is making a theoretical point here. Your loopback
> > interface uses the OUTPUT chain and dropping every OUTPUT packet could
> > cause some unexpected problems. I wouldn't recommend doing this. If you
> > ever really wanted to block *all* traffic just unplug the network card(s).
>
> Very well said, Jeffrey :)
>
> Netfilter rules should never be implemented without understanding what they do, and "blocking all traffic" is an unlikely condition for a working machine. Apart from anything else, what use is a machine that can't talk or listen :) ?
On this side of the pond we call them "paper weights" :p
Jeff
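As an added example (not posted by anyone in this thread, and not Antony's or Jeffrey's code), here is what Jeffrey's loopback point looks like in practice: the same three DROP policies, but with the lo interface exempted so local services that talk to 127.0.0.1 keep working. It assumes the classic iptables command line; the IPT override variable and the conntrack rules for existing sessions are my additions, not something the thread describes.

```shell
#!/bin/sh
# Added example, not from the thread. Default-DROP on all three built-in
# chains, but with the loopback interface exempted so local services keep
# working. Assumes the classic iptables command line. IPT is an assumed
# override so the rule list can be previewed without root (IPT=echo).
IPT="${IPT:-iptables}"

lockdown_with_loopback() {
    # Flush the built-in chains so the policies below are the only thing left.
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -F OUTPUT

    # Antony's policies: nothing in, out, or through by default.
    $IPT -P INPUT   DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT  DROP

    # Jeffrey's point: lo packets traverse INPUT and OUTPUT like any others,
    # so a bare DROP policy silently breaks anything that talks to 127.0.0.1.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Assumed extra (not in the thread): keep already-established sessions,
    # such as the SSH session used to apply these rules, from being cut off.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Print the commands instead of running them (no root needed).
preview_rules() {
    ( IPT=echo; lockdown_with_loopback )
}

# Number of emitted rules that mention the loopback interface.
count_lo_rules() {
    preview_rules | grep -c -- ' lo '
}

if [ "${1:-}" = "--preview" ]; then
    preview_rules
fi
```

Run it with `--preview` to see the rule list without touching the kernel, or as root without arguments to apply it. Note that the policies are set to DROP before the lo rules are appended, so there is a brief window in which loopback is blocked; when that matters, load the whole set atomically with iptables-restore instead of issuing the commands one at a time. Even with the lo exemption the box still cannot open any new connection in either direction, which is Antony's "paper weight" in a slightly more useful form.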