> as your "open, testing" policy. source/destination IP restrictions
> can be added later as you get more comfortable with the configuration.

Just to throw in my two cents, there are two things key in diagnosing firewall ruleset failures.

1. tcpdump on both the inbound and outbound interfaces. You will see exactly what the result of the firewall configuration has on the network.

2. Add 'logdrop' support. It goes like this: You specify DROP by default in INPUT/FORWARD, but the very last rule in the INPUT/FORWARD chains is to log the failure.

By running tcpdump and reading the logs, you can get a good understanding of how a protocol works. It doesn't take too much Linux experience to get the gist of what's happening as long as you have some networking background.
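As an added example (not part of the original post), a small Python script that reads the kernel LOG lines a final 'logdrop' rule produces and tallies what was dropped by chain, interface, protocol and destination port. The log lines and addresses are constructed, and the iptables rules in the comment are an assumption about how the logdrop rule was written.

```python
import re
from collections import Counter

# Constructed syslog lines, in the format the kernel LOG target writes when the
# last rule in a default-DROP chain is (assumed rule syntax):
#   iptables -P INPUT DROP
#   iptables -A INPUT -j LOG --log-prefix "LOGDROP-INPUT: " --log-level 4
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: LOGDROP-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51512 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:03 fw kernel: LOGDROP-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1235 DF PROTO=TCP SPT=51513 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:05 fw kernel: LOGDROP-FORWARD: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=203.0.113.9 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=UDP SPT=5353 DPT=53 LEN=58
Mar  3 10:01:06 fw kernel: LOGDROP-INPUT: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 10:01:07 fw sshd[123]: Accepted publickey for alice from 192.0.2.99 port 4000 ssh2
"""

# Match only kernel lines carrying our logdrop prefix; everything else is skipped.
LINE_RE = re.compile(r"kernel: (?P<prefix>LOGDROP-[A-Z]+): (?P<fields>.*)$")


def parse_logdrop_line(line):
    """Return (chain_prefix, fields) for a LOG line, or None for unrelated syslog lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value          # a repeated key (ICMP's second ID=) overwrites the first
        else:
            fields.setdefault("flags", []).append(token)   # bare tokens: DF, SYN, ACK, ...
    return m.group("prefix"), fields


def summarize(log_text):
    """Count drops per (chain, inbound iface, proto, dst port) and per source address."""
    by_service, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_logdrop_line(line)
        if parsed is None:
            continue
        chain, f = parsed
        dport = f.get("DPT", f.get("TYPE", "-"))   # ICMP carries TYPE= instead of DPT=
        by_service[(chain, f.get("IN", ""), f.get("PROTO", "?"), dport)] += 1
        by_source[f.get("SRC", "?")] += 1
    return by_service, by_source


if __name__ == "__main__":
    services, sources = summarize(SAMPLE_LOG)
    for key, n in services.most_common():
        print(n, *key)
```

Run it against `journalctl -k` or /var/log/kern.log output to see which services the ruleset is silently blocking before adding the allow rules.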