Re: cleaning up my firewall script...
I think you mean -P OUTPUT(or whatever) DROP(This has to be a built-in target). If you do want to
append a blank rule to be a sudo policy, then I say go with the first as it's more flexable. Keep
inmind that any other appended(-A) rule will not be called.
I put up a script that helps sort throught all this -A and -I trash.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192235
--- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> Do i really need the last three iptables calls? I think
> they do the same like the first five calls and could be removed,
> but i am not sure...
>
>
> finish_rules()
> {
> iptables -N CATCH-ALL
> iptables -A OUTPUT -j CATCH-ALL
> iptables -A INPUT -j CATCH-ALL
> iptables -A FORWARD -j CATCH-ALL
> iptables -A CATCH-ALL -j DROP
>
> iptables -A INPUT -j DROP
> iptables -A OUTPUT -j DROP
> iptables -A FORWARD -j DROP
> }
>
> --
> Greetings
> Bjoern Schmidt
>
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
Reply to: