At 21:55 02.11.2002, Jason Costomiris said:
--------------------[snip]--------------------
># Safe default policies
>iptables -P INPUT DROP
>iptables -P OUTPUT ACCEPT
>iptables -P FORWARD DROP
--------------------[snip]--------------------

I beg to disagree - using an output default policy of ACCEPT opens a wide door for any Trojans that may make it into your network one way or the other. Maybe this is academic - having DROP as the rule for fw input SHOULD leave anything safe at the fw-box itself, but you never know...

My fw-script simply DROPS everything that's not explicitly allowed. Maybe that's a bit of Austrian mind here - if it's not explicitly allowed, it is forbidden ;-) But I feel a lot safer since I have this rule in effect.

--
   >O     Ernest E. Vogelsinger          /~\  The ASCII
   (\)    ICQ #13394035                  \ /  Ribbon Campaign
    ^                                     X   Against
                                         / \  HTML Email
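
The default-deny policy argued for in the reply above, as an added example that is not part of the original thread and not either poster's script. The port lists, the log prefix and the `ipt`/`ruleset` helper names are assumptions chosen for illustration: a single host that needs DNS and HTTP/HTTPS outbound and SSH inbound.

```shell
#!/bin/sh
# Added example: DROP as the default policy in every chain, OUTPUT included.
# Constructed values: the port lists below and the "OUT-DROP:" log prefix.

OUT_TCP="${OUT_TCP:-53 80 443}"   # outbound TCP services explicitly allowed
OUT_UDP="${OUT_UDP:-53}"          # outbound UDP services explicitly allowed
IN_TCP="${IN_TCP:-22}"            # inbound TCP services explicitly allowed

# Dry run by default: print each command. APPLY=1 (as root) executes it.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

ruleset() {
    # Anything not explicitly allowed below is dropped, in every chain.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
    ipt -F                        # start from empty filter chains

    # Loopback, and replies on connections that were already allowed.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections: only the listed services, per direction.
    for p in $IN_TCP; do
        ipt -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $OUT_TCP; do
        ipt -A OUTPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $OUT_UDP; do
        ipt -A OUTPUT -p udp --dport "$p" -m state --state NEW -j ACCEPT
    done

    # Log (rate-limited) what the OUTPUT policy is about to drop, so an
    # unexpected outbound attempt from this box shows up in the kernel log.
    ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP:"
}

ruleset
```

Run as is, it only prints the commands for review; the LOG rule sits last in OUTPUT so it records only traffic that no allow rule matched.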