
Re: cleaning up my firewall script...



I think you mean -P OUTPUT (or whatever) DROP (this has to be a built-in target).  If you do want to
append a blank rule to be a pseudo policy, then I say go with the first as it's more flexible.  Keep
in mind that any other appended (-A) rule will not be called.

I put up a script that helps sort through all this -A and -I trash.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192235

--- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> Do I really need the last three iptables calls? I think
> they do the same as the first five calls and could be removed,
> but I am not sure...
> 
> 
> finish_rules()
> {
> 	iptables -N CATCH-ALL
> 	iptables -A OUTPUT     -j CATCH-ALL	
> 	iptables -A INPUT      -j CATCH-ALL
> 	iptables -A FORWARD    -j CATCH-ALL
> 	iptables -A CATCH-ALL  -j DROP
> 
> 	iptables -A INPUT      -j DROP
> 	iptables -A OUTPUT     -j DROP
> 	iptables -A FORWARD    -j DROP
> }
> 
> -- 
> Greetings
> Bjoern Schmidt
> 
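The reply above makes two points that are easy to check mechanically: an unconditional `-A <chain> -j DROP` (or a jump to a user chain that always drops) makes every rule appended after it unreachable, and once a built-in chain's policy is `-P <chain> DROP` a trailing unconditional DROP adds nothing. The following linter is an added example, not code from the thread; it reads the `*filter` table from `iptables-save` format and reports shadowed and redundant rules. The two dumps embedded in it are constructed: the first mirrors the quoted finish_rules() plus one rule appended afterwards, the second is the policy-based equivalent.

```python
"""Lint an iptables-save dump for shadowed and redundant catch-all rules.

Added example, not part of the mailing-list thread. It checks the two
claims made in the reply: rules appended after an unconditional verdict
are never evaluated, and a chain whose policy already is DROP does not
need a trailing unconditional DROP.
"""
import re
from collections import OrderedDict

# Built-in verdicts that end packet traversal of the table (RETURN does not).
FINAL_VERDICTS = ("ACCEPT", "DROP", "REJECT")

# Constructed dump mirroring the quoted finish_rules(), with one more rule
# appended after it (the situation the reply warns about).
THREAD_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CATCH-ALL - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j CATCH-ALL
-A INPUT -j CATCH-ALL
-A FORWARD -j CATCH-ALL
-A CATCH-ALL -j DROP
-A INPUT -j DROP
-A OUTPUT -j DROP
-A FORWARD -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed dump using -P policies instead of appended catch-all rules.
POLICY_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
"""


def parse_save(text):
    """Parse the *filter table of iptables-save output.

    Returns (policies, chains): policies maps chain -> policy ('-' for user
    chains); chains maps chain -> ordered list of rule bodies (the text that
    followed '-A <chain> ').
    """
    policies, chains = OrderedDict(), OrderedDict()
    in_filter = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            in_filter = line == "*filter"
            continue
        if not in_filter or line == "COMMIT":
            continue
        if line.startswith(":"):            # chain declaration: ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            chains.setdefault(name, [])
            continue
        m = re.match(r"-A (\S+)\s*(.*)", line)
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return policies, chains


def effective_verdict(rule, chains):
    """Verdict every packet gets from an unconditional rule, or None.

    Follows one level of jump into a user chain whose first rule is itself
    an unconditional final verdict (the CATCH-ALL pattern from the thread).
    """
    m = re.fullmatch(r"-j (\S+)", rule.strip())
    if not m:                               # rule has match criteria
        return None
    target = m.group(1)
    if target in FINAL_VERDICTS:
        return target
    sub = chains.get(target)
    if sub:                                 # one level only, no recursion
        return effective_verdict(sub[0], {})
    return None


def lint(text):
    """Return (kind, chain, index, rule) findings: 'shadowed' or 'redundant'."""
    policies, chains = parse_save(text)
    findings = []
    for chain, rules in chains.items():
        for i, rule in enumerate(rules):
            verdict = effective_verdict(rule, chains)
            if verdict is None:
                continue
            if policies.get(chain) == verdict:      # -A ... -j DROP on a DROP policy chain
                findings.append(("redundant", chain, i, rule))
            for j in range(i + 1, len(rules)):      # nothing after it is ever evaluated
                findings.append(("shadowed", chain, j, rules[j]))
            break
    return findings


if __name__ == "__main__":
    for label, dump in (("appended catch-all", THREAD_DUMP), ("-P policies", POLICY_DUMP)):
        print(f"== {label}: {len(lint(dump))} finding(s)")
        for kind, chain, idx, rule in lint(dump):
            print(f"  {kind:9} {chain} rule #{idx}: -A {chain} {rule}")
```

Run it against a real box with `iptables-save | python3 lint.py` after changing the `__main__` block to read stdin; the constructed dumps are only there so the example runs offline. Note that the linter treats a jump into a user chain as final only when that chain's first rule is an unconditional ACCEPT/DROP/REJECT, which is exactly the CATCH-ALL shape in the quoted script; user chains that may RETURN are left alone.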




