[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cleaning up my firewall script...

I think you mean -P OUTPUT(or whatever) DROP(This has to be a built-in target).  If you do want to
append a blank rule to be a sudo policy, then I say go with the first as it's more flexable.  Keep
inmind that any other appended(-A) rule will not be called.

I put up a script that helps sort throught all this -A and -I trash.

--- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> Do i really need the last three iptables calls? I think
> they do the same like the first five calls and could be removed,
> but i am not sure...
> finish_rules()
> {
> 	iptables -N CATCH-ALL
> 	iptables -A OUTPUT     -j CATCH-ALL	
> 	iptables -A INPUT      -j CATCH-ALL
> 	iptables -A FORWARD    -j CATCH-ALL
> 	iptables -A CATCH-ALL  -j DROP
> 	iptables -A INPUT      -j DROP
> 	iptables -A OUTPUT     -j DROP
> 	iptables -A FORWARD    -j DROP
> }
> -- 
> Greetings
> Bjoern Schmidt

Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.

Reply to: