
Re: why is DENY not enough?



On Tue, Jul 20, 2004 at 01:22:41PM -0400, Steve Melo wrote:
> I'm sure that my question has a simple answer, but only recently have I
> begun to play with iptables.  Can anyone please describe why it is necessary
> to specifically block each known attack?  From what I have read, a default
> INPUT policy of DENY should drop anything that was not specifically allowed.
> Almost all the firewall scripts I have seen so far include these extra
> rules, but I can't wrap my head around it.

The only reason to block specific attacks is to use logging chains.
Otherwise if the default policy is 'DENY' everything is denied that is
not explicitly allowed.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
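
An added example, not part of the original message: a ruleset in `iptables-restore` format where the default policy alone decides what is dropped, and the port-specific rules only route packets through a logging chain first. The allowed service (tcp/22), the chain name `LOG_DROP` and the logged ports 135 and 445 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed example: default-drop INPUT policy plus an optional logging chain.
# Assumptions: SSH (tcp/22) is the only allowed service; LOG_DROP and the
# logged ports are illustrative names and values.

emit_ruleset() {
    # $1: space-separated TCP ports whose dropped packets should be logged
    log_ports=$1
    echo '*filter'
    # iptables spells the policy target DROP (DENY was the ipchains name).
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':LOG_DROP - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT'
    # These rules do not change the verdict: without them the same packets
    # fall through to the DROP policy. They exist only to produce log lines.
    for port in $log_ports; do
        echo "-A INPUT -p tcp --dport $port -j LOG_DROP"
    done
    # Rate-limit the log so a scan cannot flood syslog, then drop.
    echo '-A LOG_DROP -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
    echo '-A LOG_DROP -j DROP'
    echo 'COMMIT'
}

# Policy and ACCEPT rules only, i.e. everything that decides what gets in.
verdict_rules() {
    emit_ruleset "$1" | grep -v 'LOG_DROP'
}

# Print the ruleset; to syntax-check it as root without committing:
#   emit_ruleset "135 445" | iptables-restore --test
emit_ruleset "135 445"
```

`verdict_rules` returns the same lines whether or not any ports are passed, which is the point made in the reply: the set of accepted traffic is fixed by the policy and the ACCEPT rules, and the extra rules add visibility only.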


