Tim:
>> ## Set default (policy) rules:
>>
>> iptables --policy INPUT DROP
>> iptables --policy OUTPUT ACCEPT
>> iptables --policy FORWARD ACCEPT
>>
>> Specific rules follow on from here. Some to explicitly deny things I
>> want to take precautions against, and some to allow things I want.

Res:
> This might be fine for a home machine, there are situations where
> policy in should be allowed and accept rules then deny rules, this is
> important if you run iptables on a high loaded server, you will very
> quickly

Care to finish that sentence off? I can only guess at what you might
have said.

Though, I would have thought that on a server you really wouldn't want a
default input accept policy. You'd have to be *very* *sure* that
everything on that server was internally ignoring connections that
shouldn't be allowed to the outside world. At least a default deny/drop
incoming policy gives you some measure of protection against surprises.

--
Don't send private replies to my address, the mailbox is ignored. I read
messages from the public lists.
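
Added example, not part of the thread: a shell function that reads `iptables-save` output and reports whether the filter table's INPUT chain ends in a deny, either through a DROP policy or through a final unconditional DROP/REJECT rule under an ACCEPT policy, which is the distinction being argued above. The function name `input_default` and the three sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Classify the effective default of filter/INPUT from iptables-save text on stdin.
# Prints one of: default-deny, accept-with-catchall, default-accept, unknown.
input_default() {
    awk '
        # "*filter", "*mangle", ... start a table section
        /^\*/ { table = substr($0, 2) }
        # Policy line, e.g. ":INPUT DROP [0:0]"
        table == "filter" && /^:INPUT /   { policy = $2 }
        # Keep the last rule appended to INPUT; rule order decides the outcome
        table == "filter" && /^-A INPUT / { last = $0 }
        END {
            if (policy == "")     { print "unknown"; exit }
            if (policy == "DROP") { print "default-deny"; exit }
            # Policy ACCEPT: unmatched traffic is only denied if the final
            # rule is an unconditional DROP or REJECT.
            if (last ~ /^-A INPUT -j (DROP|REJECT)( |$)/)
                print "accept-with-catchall"
            else
                print "default-accept"
        }'
}

# Constructed sample rulesets in iptables-save format (not from a real host).
SAMPLE_DROP='*mangle
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

SAMPLE_ACCEPT='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT'

SAMPLE_CATCHALL='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'

for s in "$SAMPLE_DROP" "$SAMPLE_ACCEPT" "$SAMPLE_CATCHALL"; do
    printf '%s\n' "$s" | input_default
done
```

On a live host the same function can be fed with `iptables-save | input_default`, which needs root.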