Hi,
The only reason I would think is to allow packets through for the
milliseconds it takes the script to run.
Regards
Brian
Leonardo Carneiro wrote:
Hi everyone,
I have an average-to-good Linux knowledge, but I'm quite a noob when it
comes to iptables, so I decided to study it.
I'm reading a lot of articles and blogs, and testing some rules; so
far it's all going well.
Right now I'm running a server with tons of rules written by the admin
that worked here before me, and in the policies section of the script
I've found these rules:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -A INPUT -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -d $LO_IP -j ACCEPT
$IPTABLES -A INPUT -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -d $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -s $INET_IP_DIN -j ACCEPT
$IPTABLES -A OUTPUT -d $INET_IP_DIN -j ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
Is there any good reason why someone would set an ACCEPT policy for
all chains first to withdraw some later? What's the benefit of doing this?
Sorry about my poor English.
Tks in advance
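
The transient states of the quoted policy section can be traced step by step. The following is an added example, not part of the original thread: a simplified model of the INPUT chain only (source matches only, the $INET_IP_DIN rule omitted), with constructed addresses standing in for $LO_IP and $LAN_IP, an assumed previous ruleset already loaded, and a hypothetical "DROP first" ordering for comparison.

```python
# INPUT-chain model of the policy section quoted above (added example).
# Constructed sample values; the post does not give them.
LO_IP, LAN_IP, OUTSIDE = "127.0.0.1", "192.168.0.1", "203.0.113.9"

# Each step: (command text, action, argument)
PAGE_ORDER = [
    ("-P INPUT ACCEPT", "policy", "ACCEPT"),
    ("-F", "flush", None),
    (f"-A INPUT -s {LO_IP} -j ACCEPT", "append", LO_IP),
    (f"-A INPUT -s {LAN_IP} -j ACCEPT", "append", LAN_IP),
    ("-P INPUT DROP", "policy", "DROP"),
]
# Hypothetical variant: same rules, but the DROP policy is set before the flush
DROP_FIRST = [PAGE_ORDER[4], PAGE_ORDER[1], PAGE_ORDER[2], PAGE_ORDER[3]]

def verdict(policy, rules, src):
    """First matching -s rule accepts; otherwise the chain policy applies."""
    return "ACCEPT" if src in rules else policy

def trace(steps, start_policy="DROP", start_rules=(LO_IP, LAN_IP)):
    """Return [(command, verdict for LAN_IP, verdict for OUTSIDE)] after each step."""
    policy, rules, out = start_policy, list(start_rules), []
    for text, action, arg in steps:
        if action == "policy":
            policy = arg
        elif action == "flush":
            rules = []
        else:
            rules.append(arg)
        out.append((text, verdict(policy, rules, LAN_IP),
                    verdict(policy, rules, OUTSIDE)))
    return out

def window(steps, src, want):
    """Commands after which a packet from `src` gets verdict `want`."""
    idx = 1 if src == LAN_IP else 2
    return [row[0] for row in trace(steps) if row[idx] == want]

if __name__ == "__main__":
    for name, steps in (("page order", PAGE_ORDER), ("DROP first", DROP_FIRST)):
        print(name)
        for text, lan, outside in trace(steps):
            print(f"  {text:34} LAN_IP={lan:7} outside={outside}")
```

In this model the page's ordering accepts every source until the final `-P INPUT DROP`, while the DROP-first ordering drops the allowed source between the flush and the rule that re-admits it.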