Am Mo, den 05.01.2004 schrieb Sturla Holm Hansen um 18:23: > On Sun, 2004-01-04 at 21:04, Technical wrote: > > # Firewall configuration written by redhat-config-securitylevel > > # Manual customization of this file is not recommended. > > > > *filter > > :INPUT ACCEPT [0:0] > > :FORWARD ACCEPT [0:0] > > :OUTPUT ACCEPT [0:0] > > :RH-Firewall-1-INPUT - [0:0] > > -A INPUT -j RH-Firewall-1-INPUT > > -A FORWARD -j RH-Firewall-1-INPUT > > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j > > ACCEPT > > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited [ footer snipped - do not quote footers and signatures due to netiquette ] > You can either set the policy (under *filter) to reject or you can add > -A RH-Firewall-1-INPUT -j REJECT as the last line.. > > Sturla No, it is not possible to set the default policy to REJECT, only DROP is allowed. So better always at the end of the filter list a REJECT rule. Alexander -- Alexander Dalloz | Enger, Germany PGP key valid: made 13.07.1999 PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
