Best Practices for iptables

Hi,

I want to allow everything on eth1 and be selective on eth0. What is the best way of handling unwanted packets?

A) Change the policy of the chain to DROP then allow what I want.  Example:
iptables -P INPUT DROP
iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT


B) Or leave the policy of the INPUT chain set to ACCEPT but put REJECT rules at the end. Example:
iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -j REJECT
iptables -A INPUT -p udp -m udp -j REJECT
iptables -A INPUT -p icmp -j DROP


This will give me the same outcome, won't it?

Thanks in advance!
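
The two rule sets above, walked first-match against a few constructed packets. This is an added example, not part of the original post; the packet fields and the `rule`, `matches` and `verdict` helpers are a simplified model that covers only protocol, destination port and the --syn match.

```python
# Added illustration: first-match evaluation of the two INPUT chains as posted.
# Packets are constructed samples; only the fields these rules test are modelled.

def rule(target, proto=None, dport=None, syn=None):
    return {"target": target, "proto": proto, "dport": dport, "syn": syn}

# Option A: policy DROP, one ACCEPT rule.
CHAIN_A = ("DROP", [rule("ACCEPT", proto="tcp", dport=22, syn=True)])

# Option B: policy ACCEPT, explicit REJECT/DROP rules at the end.
CHAIN_B = ("ACCEPT", [
    rule("ACCEPT", proto="tcp", dport=22, syn=True),
    rule("REJECT", proto="tcp"),
    rule("REJECT", proto="udp"),
    rule("DROP", proto="icmp"),
])

def matches(r, pkt):
    """True when every criterion the rule sets is met by the packet."""
    if r["proto"] is not None and pkt["proto"] != r["proto"]:
        return False
    if r["dport"] is not None and pkt.get("dport") != r["dport"]:
        return False
    if r["syn"] is not None and pkt.get("syn", False) != r["syn"]:
        return False
    return True

def verdict(chain, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = chain
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy

SAMPLES = {  # constructed packets
    "ssh_syn": {"proto": "tcp", "dport": 22, "syn": True},
    "ssh_ack": {"proto": "tcp", "dport": 22, "syn": False},
    "dns_udp": {"proto": "udp", "dport": 53},
    "ping":    {"proto": "icmp"},
    "gre":     {"proto": "gre"},  # any protocol other than tcp/udp/icmp
}

def compare():
    return {n: (verdict(CHAIN_A, p), verdict(CHAIN_B, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:8} A={a:7} B={b:7} {'same' if a == b else 'DIFFERS'}")
```

Protocols that none of the option B rules name, such as GRE, fall through to the ACCEPT policy, and REJECT answers the sender where DROP stays silent.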
