On 29 Mar 2002, at 15:41, Gustavo Ritondale wrote: > which are the best or default policy for input - output - forward chains in > a linux-ipchains firewall or in a general firewall ? > > It's preferred a DENY policy and accept only system services or an ACCEPT > policy and deny all services that should not be public to the Internet ? > > Gustavo
Unless you think you know about every vulnerability, exploit, and policy infraction that users inside and outside your network are ever going to attempt, default deny is the sane option. David Gillett _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
