[plug] iptables configuration : Accept for Drop by default

Tony Breeds tony at bakeyournoodle.com
Mon Oct 29 07:36:58 WST 2012

On Fri, Oct 26, 2012 at 01:42:30PM +0800, Alexander Hartner wrote:

> I was wondering if this system is secure at all and just badly
> misconfigured. For some reason it seems to kind of work as traffic is
> being blocked. Maybe I just don't understand this properly. Any
> pointers in the right direction would really help me out.

It's not a problem as the:

"REJECT     all  --             reject-with icmp-host-prohibited"

Will reject anything so the default will never need to be applied.

It has the dubious advantage that if you do "iptables -F" you won't get
locked out of your machine.

They look like a pretty default set of rules on a RHEL system.

Yours Tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20121029/c014e4b8/attachment.pgp>

More information about the plug mailing list