On Sat, 30 Nov 2002, David Durst wrote:

>Date: Sat, 30 Nov 2002 16:42:49 -0800 (PST)
>From: David Durst <ddurst@larubber.com>
>To: psyche-list@redhat.com
>Content-Type: text/plain; charset=iso-8859-1
>List-Id: Discussion of Red Hat Linux 8.0 (Psyche) <psyche-list.redhat.com>
>Subject: Re: iptables -P INPUT REJECT
>
>> ** Reply to message from Michael Schwendt <rh0210ms@arcor.de> on Sat, 30
>> Nov 2002 14:38:06 +0100
>>
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Sat, 30 Nov 2002 14:32:17 +0100, Michael Schwendt wrote:
>>>
>>> > > The reject option as stated in the Redhat 8.0 Security Guide does not work !
>>> > >
>>> > > It gives Bad policy name.
>>> > >
>>> > > Has anyone a workaround for this ?
>>> >
>>> > "iptables -P INPUT DENY" because REJECT is a target extension.
>>>
>>> Sorry, "iptables -P INPUT DROP" of course. DENY was ipchains.
>>
>> OOps. I made the same booboo. DROP it is.
>
>The exact command line for this is:
>
>iptables -P INPUT -j DROP
>
>But then again you may want to think twice about using a DEFAULT DROP
>firewall, DEFAULT DROP uses a lot of resources for packets you might just be
>able to ignore.

That is false. DROP means "drop this packet on the floor and do
not process it", which is the least resource using of the bunch.

>If you would like to understand more drop a line to me.

LOL

-- 
Mike A. Harris     ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat
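
Added example, not part of the original thread: a built-in chain's policy can only be ACCEPT or DROP, so a "default REJECT" on INPUT is written as policy DROP plus a final catch-all REJECT rule. The helper name `input_ruleset` and the three sample ACCEPT rules are constructed for illustration; the output is in `iptables-restore` format.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the filter table's INPUT chain.
# REJECT is a target extension, not a policy, so a requested "REJECT"
# default becomes policy DROP followed by a last-position REJECT rule.

# input_ruleset DEFAULT   (DEFAULT is ACCEPT, DROP or REJECT)
# Hypothetical helper written for this example.
input_ruleset() {
    default=$1
    case "$default" in
        ACCEPT|DROP)
            policy=$default
            tail_rule=
            ;;
        REJECT)
            policy=DROP
            tail_rule='-A INPUT -j REJECT --reject-with icmp-port-unreachable'
            ;;
        *)
            echo "unsupported default: $default" >&2
            return 1
            ;;
    esac

    echo '*filter'
    echo ":INPUT $policy [0:0]"
    # Constructed sample rules: loopback, replies to our own traffic, new SSH.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT'
    # Must stay last: whatever reaches it is answered with an ICMP error.
    # If this rule is ever flushed, the DROP policy still fails closed.
    if [ -n "$tail_rule" ]; then
        echo "$tail_rule"
    fi
    echo 'COMMIT'
}

# Print the ruleset for review.
input_ruleset REJECT
```

After review, the printed ruleset can be loaded as root by piping it to `iptables-restore`.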