Whilst I'm here on iptables business, in the personal firewall script it sets the rule
iptables -A OUTPUT -j ACCEPT
which, as the comment says, is the same as setting the output policy to ACCEPT, but in the same script it also explicitly sets
iptables -P OUTPUT DROP
which sets the output policy to DROP. Is that not a contradiction? Either the policy is accept or it is drop. As the script is for a standalone machine, it's hard to see how the output policy can be set to drop. How can you filter packets coming from the machine? Either you trust the situation's good and allow packets out, or... well, I dread to think. Would it not make more sense to just set the one rule
iptables -P OUTPUT ACCEPT
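An added example, not part of the original message or of the BLFS script: iptables walks a chain's rules in order and consults the chain policy only when no rule gives a verdict, so this sketch reads `iptables -S` style text and reports which of the two actually decides unmatched packets. The sample ruleset is constructed around the two OUTPUT settings quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format (not the actual BLFS script).
sample_ruleset() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
EOF
}

# effective_default CHAIN: read `iptables -S` text on stdin and print
# "<verdict> <source>" for a packet that matches no selective rule.
effective_default() {
    awk -v chain="$1" '
        $1 == "-P" && $2 == chain { policy = $3 }
        # "-j" directly after the chain name means the rule has no match
        # options, so it catches every packet that reaches it.
        $1 == "-A" && $2 == chain && $3 == "-j" && !found &&
        ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") {
            found = 1; verdict = $4
        }
        END {
            if (found) print verdict, "rule"
            else if (policy != "") print policy, "policy"
            else print "UNKNOWN none"
        }'
}

# shadowed_policy CHAIN: exit 0 when a catch-all rule returns a verdict
# different from the chain policy, i.e. the policy is never reached.
shadowed_policy() {
    rules=$(cat)
    eff=$(printf '%s\n' "$rules" | effective_default "$1")
    pol=$(printf '%s\n' "$rules" |
          awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }')
    [ "${eff#* }" = "rule" ] && [ "${eff% *}" != "$pol" ]
}

for c in INPUT FORWARD OUTPUT; do
    printf '%s: %s\n' "$c" "$(sample_ruleset | effective_default "$c")"
done
```

On a live host the same functions can be fed from `iptables -S` run as root instead of `sample_ruleset`.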