Am Freitag, den 19.09.2008, 16:06 -0400 schrieb Joel Newkirk: > You're most welcome. The one problem with your reasoning regarding the > default policy of ACCEPT is that the last rule in the RH-Firewall-1-INPUT > chain is a 'drop all' rule... Every RedHat/Fedora/CentOS box I've ever set > up nearly the first thing I do is delete the default firewall and construct > my own - I don't like the way they structure theirs. IMHO best practice > (and clearest logic) is to enable a DROP policy on INPUT and FORWARD > chains, and add explicit ACCEPT rules for desired traffic. You are right. I have planned to do so, but after first installation of FC I don't had any idea about iptables and SELinux. And currently I have running my web server and don't want to block it. But I found a good discription about a iptables based server FW. I will implement it in future.
Now FR is more important :-). -- mfg/br, christian Flurstraße 14 29640 Schneverdingen Germany E-Mail: [EMAIL PROTECTED] Telefon: +49 5193 97 14 95 Mobile: +49 171 357 59 57 http://wesselch.homelinux.org
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
_______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
