iptables configuration : Accept for Drop by default

Tim White weirdit at gmail.com
Fri Oct 26 14:52:42 WST 2012

On 26/10/12 16:19, Tim Bowden wrote:
> On Fri, 2012-10-26 at 13:42 +0800, Alexander Hartner wrote:
>> Typically I would configure iptables to have a policy of DROP to
>> prevent all access and then to allow specific port to go through:
>> # iptables -L -n
>> Chain INPUT (policy DROP)
>> target     prot opt source               destination
>> ACCEPT     all  --  
> <snip>
> This ACCEPT line will catch all traffic, so no rule past this point will
> have any effect.  Policy won't even matter. You're letting everything
> through.
Assuming that there aren't more details we aren't seeing. I've found 
unless you run iptables with -v, you can be missing out on lots of 

IMHO, I'd like the policy set to DROP so that if somehow the last REJECT 
rule is removed/changed, that it drops the packet. Although, when you 
accidentally flush all the rules over ssh, you might wish it was set to 

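Tim's point about `-v` can be turned into a quick check. The script below is an added example, not code from the list thread: it feeds a constructed `iptables -L -n -v` listing (the `SAMPLE_LISTING` variable, invented for this demonstration) through a small awk filter, `find_catchall_accepts` (a name chosen here), that reports every ACCEPT rule matching all protocols, all interfaces, any source and any destination with no extra match. In the terse `-L -n` view the first ACCEPT line looks identical to the dangerous fourth one; only the `in` column that `-v` adds shows it is bound to `lo`.

```shell
#!/bin/sh
# Added example: flag catch-all ACCEPT rules in a saved "iptables -L -n -v"
# listing. Not part of the original mailing-list post.

# Constructed sample listing (not a real host). Rule 1 is harmless because it
# is bound to "lo"; rule 2 is a state match; rule 4 accepts everything and
# makes the REJECT after it and the DROP policy irrelevant.
SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  150 12000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 3000  200K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   40  2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   12   720 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    5   300 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# find_catchall_accepts: read an "iptables -L -n -v" listing on stdin and
# print "<chain> rule <n>" for each ACCEPT rule that matches every packet.
# With -v the columns are:
#   pkts bytes target prot opt in out source destination [match options...]
# so $3=target $4=prot $6=in $7=out $8=source $9=destination, and NF>9 means
# the rule carries an extra match (state, dpt, ...) and is not a catch-all.
find_catchall_accepts() {
    awk '
        /^Chain /   { chain = $2; n = 0; next }   # new chain, reset counter
        /^ *pkts /  { next }                       # column header
        NF == 0     { next }                       # blank separator
        {
            n++
            if ($3 == "ACCEPT" && $4 == "all" && $6 == "*" && $7 == "*" &&
                $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9)
                printf "%s rule %d\n", chain, n
        }'
}

# Stand-alone run against the constructed listing.
printf '%s\n' "$SAMPLE_LISTING" | find_catchall_accepts
```

On a real host the same filter is applied to the live table with `iptables -L -n -v | find_catchall_accepts` (root needed to read the table). Every rule it names is one that swallows all traffic regardless of the chain policy, which is exactly the situation Tim Bowden describes above.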

