[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Searching for an appropriate iptables script



also sprach Gareth Bowker <tgb96@aber.ac.uk> [2002.02.07.1017 +0100]:
> If you're worried about missing stuff out, you could start with a firewall
> that defaults everything to DROP and go from there...

good point. any-any-any-DROP is what i call the base firewall. there
is *no* argument for a firewall that's based on anything but this
essential rule. there *should* also be a rule any-any-any-LOG right
before.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
at the turn of the century in vienna,
the schoenberg food factory stopped making tonic,
and started making cereal instead.
                                                   -- hofstadter's geb

Attachment: pgpTg0wovv57y.pgp
Description: PGP signature


Reply to: