Re: A simple question

Hi,
As far as I know, this is done so that the local processes on the
firewall machine itself cannot communicate with the outside world.
Mostly firewalls are set for FORWARDing, so from a security point of view
it's better we set the OUTPUT chain to DROP.
But it's again your choice what you want to ACCEPT or DROP.


On Thu, 2004-08-19 at 08:06, Sudheer Divakaran wrote:
> Hi,
> 
> In almost all IP Tables articles I've found that the default policy of 
> all tables (INPUT,OUTPUT,FORWARD) is set to DROP.  I can understand it as 
> far as INPUT and FORWARD tables are concerned, but I do not understand 
> why should we set the default policy of OUTPUT chain to DROP.  OUTPUT 
> chain is responsible for packets originating from the firewall itself.  
> Why should we DROP it?
> 
> Thanks,
> Sudheer
> 
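
An added example, not part of the original thread: a default-DROP OUTPUT policy as discussed above, with the few outbound flows the firewall host itself needs allowed explicitly and every other locally generated packet logged before it is dropped. The function name `egress_ruleset`, the choice of DNS, NTP and syslog as permitted services, and the 192.0.2.x addresses (documentation range) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset in which all three filter
# chains default to DROP and the firewall host's own egress is allowlisted.
# Addresses are constructed placeholders from the documentation range.

DNS_SERVER="192.0.2.53"    # assumed resolver the firewall may query
NTP_SERVER="192.0.2.123"   # assumed time source
LOG_HOST="192.0.2.10"      # assumed remote syslog collector

egress_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic between local processes stays allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies on connections that an earlier rule already admitted.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Site-specific INPUT (management access) and FORWARD rules go here.
# The only new outbound flows the firewall host itself may start.
-A OUTPUT -p udp -d ${DNS_SERVER} --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -d ${NTP_SERVER} --dport 123 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -d ${LOG_HOST} --dport 514 -m conntrack --ctstate NEW -j ACCEPT
# Anything else a local process sends is logged (rate-limited) and then
# falls through to the chain's DROP policy.
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "fw-egress-drop: "
COMMIT
EOF
}

# To syntax-check without loading (as root):
#   egress_ruleset | iptables-restore --test
```

The LOG rule is what makes the DROP policy useful for detection: an unexpected "fw-egress-drop" entry means some process on the firewall tried to reach a destination nobody approved.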


