Re: cleaning up my firewall script...
I think you mean -P OUTPUT (or whatever) DROP (this has to be a built-in target). If you do want to
append a blank rule to be a pseudo policy, then I say go with the first as it's more flexible. Keep
in mind that any other appended (-A) rule will not be called.
I put up a script that helps sort through all this -A and -I trash.
--- Bjoern Schmidt <firstname.lastname@example.org> wrote:
> Do I really need the last three iptables calls? I think
> they do the same as the first five calls and could be removed,
> but I am not sure...
> iptables -N CATCH-ALL
> iptables -A OUTPUT -j CATCH-ALL
> iptables -A INPUT -j CATCH-ALL
> iptables -A FORWARD -j CATCH-ALL
> iptables -A CATCH-ALL -j DROP
> iptables -A INPUT -j DROP
> iptables -A OUTPUT -j DROP
> iptables -A FORWARD -j DROP
> Bjoern Schmidt
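The rule-ordering point discussed in this thread, as an added example that is not part of the original messages: a small static check that reads iptables commands and reports rules placed after an unconditional terminating rule, where no packet can reach them. It is a simplified model (one table, only `-A` and `-I`, final rule order); the function names and the extra port 22 line in the sample are assumptions made for illustration.

```python
import shlex
TERMINAL = {"DROP", "ACCEPT", "REJECT"}  # built-in targets that end traversal

# Constructed input: the script quoted in the thread plus one later -A rule.
SCRIPT = """\
iptables -N CATCH-ALL
iptables -A OUTPUT -j CATCH-ALL
iptables -A INPUT -j CATCH-ALL
iptables -A FORWARD -j CATCH-ALL
iptables -A CATCH-ALL -j DROP
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
"""

def parse(script):
    """Return {chain: [(line_no, has_match, target), ...]} in evaluation order."""
    chains = {}
    for no, line in enumerate(script.splitlines(), 1):
        args = shlex.split(line)[1:]
        if args and args[0] in ("-A", "-I"):
            op, chain, rest = args[0], args[1], args[2:]
            index = len(chains.get(chain, [])) if op == "-A" else 0
            if op == "-I" and rest and rest[0].isdigit():  # -I CHAIN rulenum
                index, rest = int(rest[0]) - 1, rest[1:]
            target = rest[rest.index("-j") + 1] if "-j" in rest else None
            has_match = len(rest) > (2 if target else 0)
            chains.setdefault(chain, []).insert(index, (no, has_match, target))
    return chains

def ends_traversal(rule, chains, seen=()):
    """True if the rule matches every packet and always gives a final verdict."""
    _, has_match, target = rule
    if has_match or target is None or target in seen:
        return False
    for sub in chains.get(target, []):  # user-defined chain: walk it in order
        if sub[2] == "RETURN":
            return False  # some packets go back to the calling chain
        if ends_traversal(sub, chains, seen + (target,)):
            return True
    return target in TERMINAL

def unreachable(script):
    """Map each chain to the script line numbers of rules no packet can reach."""
    chains, dead = parse(script), {}
    for name, rules in chains.items():
        cut = next((i for i, r in enumerate(rules) if ends_traversal(r, chains)), None)
        if cut is not None and rules[cut + 1:]:
            dead[name] = [r[0] for r in rules[cut + 1:]]
    return dead
```

Calling `unreachable(SCRIPT)` lists script lines 6, 7 and 8 (the three trailing `-j DROP` rules) and the appended port 22 rule on line 9 as dead; changing that last rule from `-A` to `-I` puts it ahead of the catch-all and removes it from the report.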