Hi everyone,
I have an average-to-good Linux knowledge, but I'm quite a noob when it
comes to iptables, so I decided to study it.
I'm reading a lot of articles and blogs, and testing some rules; so far
it's all going well.
Right now I'm running a server with tons of rules written by the admin
who worked here before me, and in the policies section of the script
I've found these rules:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -A INPUT -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -d $LO_IP -j ACCEPT
$IPTABLES -A INPUT -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -d $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -s $INET_IP_DIN -j ACCEPT
$IPTABLES -A OUTPUT -d $INET_IP_DIN -j ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
Is there any good reason why someone would set an ACCEPT policy for all
chains first to withdraw some later? What is the benefit of doing this?
Sorry about my poor English.
Thanks in advance
--
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro@xxxxxxxxxxxxxx
http://www.veltrac.com.br
/Fone Com.: (43)2105-5600/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
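
Added example, not part of the original post: a small Python model of the INPUT chain that replays the posted commands in order and records the verdict for a packet from a given source after each one, once as posted and once without the leading "-P INPUT ACCEPT", starting from the state an earlier run of the script leaves behind. The variable values and the client address are constructed placeholders, and only policy, flush and source-match rules are modelled (no interfaces, connection tracking or other tables).

```python
import ipaddress

# Constructed placeholder values; the post does not show the real ones.
VARS = {"$LO_IP": "127.0.0.1", "$LAN_IP": "192.168.0.0/24",
        "$INET_IP_DIN": "203.0.113.10"}

# INPUT-related commands from the post, in the posted order.
SCRIPT = """\
-P INPUT ACCEPT
-F
-A INPUT -s $LO_IP -j ACCEPT
-A INPUT -s $LAN_IP -j ACCEPT
-A INPUT -s $INET_IP_DIN -j ACCEPT
-P INPUT DROP
"""

def verdict(policy, rules, src):
    """First matching rule decides; otherwise the chain policy applies."""
    addr = ipaddress.ip_address(src)
    for net, target in rules:
        if addr in net:
            return target
    return policy

def replay(script, src, policy="ACCEPT", rules=None):
    """Apply each command in order; record the verdict for src after each."""
    rules, trace = list(rules or []), []
    for line in script.strip().splitlines():
        args = line.split()
        if args[0] == "-P":
            policy = args[2]
        elif args[0] == "-F":
            rules.clear()  # -F empties the chain; the policy is untouched
        elif args[0] == "-A":
            rules.append((ipaddress.ip_network(VARS[args[3]]), args[5]))
        trace.append((line, verdict(policy, rules, src)))
    return trace, policy, rules

def compare(src="192.168.0.50"):  # constructed LAN client address
    # State a previous run leaves behind: DROP policy plus the three rules.
    _, policy, rules = replay(SCRIPT, src)
    as_posted, _, _ = replay(SCRIPT, src, policy, rules)
    no_reset, _, _ = replay(SCRIPT.split("\n", 1)[1], src, policy, rules)
    return as_posted, no_reset

if __name__ == "__main__":
    for name, trace in zip(("as posted", "without leading ACCEPT"), compare()):
        print(name)
        for cmd, result in trace:
            print(f"  {result:6} after: {cmd}")
```

In this model the re-run without the leading ACCEPT drops the LAN client's packets from the flush until its rule is appended again, while the posted order never does.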