On Thu, 2003-11-27 at 17.14, Juan Hernandez wrote:
> Another question...
>
> On Thu, 2003-11-27 at 12:04, Ralf Spenneberg wrote:
> > On Thu, 2003-11-27 at 16.41, Juan Hernandez wrote:
> >
> > > 1) This rule tells netfilter to drop any packet forwarding I guess
> > > iptables -P FORWARD DROP
> > This is a default rule. All packets not accepted or dropped by other
> > rules will be dropped by this one.
>
> If this drops everything else, how come there's access to the webserver
> in that same machine?? It's not that I don't want it, it's just that I'm
> curious about what this rule drops exactly, 'cause I can still access my
> webserver

Because the FORWARD chain only covers packets to be forwarded to other
machines. Packets destined to the local machine are filtered in the
INPUT chain.
Do an
iptables -P INPUT DROP
and your webserver should stop responding (if there are no other INPUT rules).

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: VPN mit Linux
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
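
The chain selection described in the reply above, as an added example that is not part of the original thread: a small Python model of how a received packet is steered to INPUT or FORWARD and then judged by the first matching rule or the chain policy. The addresses, the function names and the `web_only` ruleset are assumptions made for illustration; the OUTPUT chain and the nat/mangle tables are left out.

```python
import ipaddress

# Constructed addresses: this host owns 192.0.2.1; 198.51.100.7 is a host behind it.
LOCAL_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "192.0.2.1")}

def chain_for(dst):
    """Routing decision for a packet received on an interface:
    local destination -> INPUT, anything else -> FORWARD."""
    return "INPUT" if ipaddress.ip_address(dst) in LOCAL_ADDRS else "FORWARD"

def verdict(ruleset, dst, dport):
    """Walk the selected chain: first matching rule wins, else the chain policy."""
    chain = ruleset[chain_for(dst)]
    for rule in chain["rules"]:
        # A rule without a dport matches every port.
        if rule.get("dport") in (None, dport):
            return rule["target"]
    return chain["policy"]

def make_ruleset(input_policy, forward_policy, input_rules=(), forward_rules=()):
    """Hypothetical helper: build the two filter chains with their policies."""
    return {"INPUT": {"policy": input_policy, "rules": list(input_rules)},
            "FORWARD": {"policy": forward_policy, "rules": list(forward_rules)}}

# The situation in the question: iptables -P FORWARD DROP, INPUT still at ACCEPT.
juan = make_ruleset("ACCEPT", "DROP")
# The suggestion in the reply: iptables -P INPUT DROP, no other INPUT rules.
locked = make_ruleset("DROP", "DROP")
# Assumption, not in the thread: keep INPUT DROP but accept TCP port 80 explicitly.
web_only = make_ruleset("DROP", "DROP",
                        input_rules=[{"dport": 80, "target": "ACCEPT"}])

if __name__ == "__main__":
    for name, rs in (("juan", juan), ("locked", locked), ("web_only", web_only)):
        print(name,
              "local:80", verdict(rs, "192.0.2.1", 80),
              "local:22", verdict(rs, "192.0.2.1", 22),
              "routed:80", verdict(rs, "198.51.100.7", 80))
```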