---------------- Date: 10/21/2010 6:35 AM From: Stuart Jansen <[email protected]>

> Here's what I would do based on your current rules:
>
> *filter
> :INPUT DROP [1783:108550]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [133532:10424922]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type echo-request -m limit --limit 5/sec -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> ...

I am always confused why the RELATED,ESTABLISHED rule is not the first entry on the list (Red Hat's defaults don't make sense to me). It would seem to me that established traffic (99.9999999% of traffic) should be accepted as quickly as possible. Why make EVERY packet you receive be matched against the loopback and icmp? This is the one modification I would make:

*filter
:INPUT DROP [1783:108550]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [133532:10424922]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -m limit --limit 5/sec -j ACCEPT
-A INPUT -p icmp -j ACCEPT
...

Is there a logical reason why not to have it this way?

Kenneth

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
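A first-match simulation of the two INPUT orderings from this thread, added here as an example and not code from the list. It assumes a token-bucket model of the limit match with iptables' default --limit-burst of 5, and takes the conntrack state as a field on each constructed packet rather than tracking connections itself.

```python
from collections import Counter
RATE, BURST = 5.0, 5  # "--limit 5/sec" with the default "--limit-burst 5" (assumed token-bucket model)

def make_limit():
    bucket = {"tokens": float(BURST), "last": 0.0}
    def allow(p):
        bucket["tokens"] = min(BURST, bucket["tokens"] + (p["t"] - bucket["last"]) * RATE)
        bucket["last"] = p["t"]
        if bucket["tokens"] < 1.0:
            return False
        bucket["tokens"] -= 1.0
        return True
    return allow

def build_rules(state_first):
    """The INPUT chain from the thread, in either ordering, as (name, matcher) pairs."""
    limit = make_limit()
    rules = [
        ("lo", lambda p: p["iface"] == "lo"),
        ("echo-limit", lambda p: p["proto"] == "icmp" and p["icmp_type"] == 8 and limit(p)),
        ("icmp-any", lambda p: p["proto"] == "icmp"),
    ]
    state = ("established", lambda p: p["state"] in ("RELATED", "ESTABLISHED"))
    return [state] + rules if state_first else rules + [state]

def run(rules, packets):
    verdicts, evaluated, hits = [], 0, Counter()
    for p in packets:
        for name, match in rules:
            evaluated += 1  # one rule looked at, as the kernel would on a first-match walk
            if match(p):
                hits[name] += 1
                verdicts.append("ACCEPT")
                break
        else:
            verdicts.append("DROP")  # chain policy ":INPUT DROP"
    return verdicts, evaluated, hits

def pkt(t, iface, proto, state, icmp_type=None):
    return {"t": t, "iface": iface, "proto": proto, "state": state, "icmp_type": icmp_type}
# Constructed mix: established TCP flow, one loopback packet, 20 pings in one second, one unsolicited SYN.
PACKETS = ([pkt(i * 0.01, "eth0", "tcp", "ESTABLISHED") for i in range(100)]
           + [pkt(1.0, "lo", "tcp", "NEW")]
           + [pkt(2.0 + i * 0.05, "eth0", "icmp", "NEW", 8) for i in range(20)]
           + [pkt(3.0, "eth0", "tcp", "NEW")])

def compare():
    v1, e1, h1 = run(build_rules(False), PACKETS)
    v2, e2, h2 = run(build_rules(True), PACKETS)
    return v1 == v2, e1, e2, h1["icmp-any"]  # identical verdicts, fewer evaluations state-first
```

The last value also shows that the unconditional `-p icmp -j ACCEPT` sitting right after the limited rule accepts whatever exceeds 5/sec, so in this chain the limit only changes counters, not verdicts.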
