[CentOS] contradictory netfilter default policy

2009-04-07 Thread Michael Klinosky
I'm curious why CentOS contradicts its own (or, actually RH's) netfilter
default policy.

On http://wiki.centos.org/HowTos/Network/IPTables , at the end of
section 1, it's stated that (generally) the default policy for INPUT is
to DROP. So, why is it set to ACCEPT?

Btw, Fedora is also this way.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] contradictory netfilter default policy

2009-04-07 Thread Rob Kampen



Michael Klinosky wrote:
> I'm curious why CentOS contradicts its own (or, actually RH's) netfilter
> default policy.
>
> On http://wiki.centos.org/HowTos/Network/IPTables , at the end of
> section 1, it's stated that (generally) the default policy for INPUT is
> to DROP. So, why is it set to ACCEPT?
>
> Btw, Fedora is also this way.

Michael,
My read of this shows that the iptables -P INPUT ACCEPT is set 
temporarily so that doing this via SSH remotely does not lock you out!

All other places it comes as
iptables -P INPUT DROP
HTH
Rob
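
The ordering described in the reply above, as an added example that is not part of the original thread or the CentOS wiki: the INPUT policy is opened to ACCEPT before the flush, the allow rules are rebuilt, and only then is the policy set to DROP. The `IPT` and `SSH_PORT` variables and the function name are assumptions of this sketch; by default it is a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example: safe ordering for tightening INPUT over a remote SSH session.
# IPT defaults to a dry run that prints each command; run with IPT=iptables
# as root to apply for real. SSH_PORT is an assumption (22 unless overridden).
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"

apply_input_ruleset() {
    # 1. Open the default policy first. If the policy were still DROP,
    #    the flush in step 2 would remove the rule carrying this session.
    $IPT -P INPUT ACCEPT || return 1
    # 2. Flush the old INPUT rules; with policy ACCEPT nothing is dropped.
    $IPT -F INPUT || return 1
    # 3. Rebuild the allow list: loopback, replies to existing
    #    connections, and new SSH connections.
    $IPT -A INPUT -i lo -j ACCEPT || return 1
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT || return 1
    # 4. Only now make DROP the default for everything not matched above.
    $IPT -P INPUT DROP
}

# Dry run unless IPT was overridden by the caller.
apply_input_ruleset
```

After a real run, `iptables -L INPUT -n` should show `policy DROP` in the chain header with the three ACCEPT rules listed beneath it.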