On Fri, Jul 08, 2011 at 11:42:51PM +0200, Ansgar Wiechers wrote: > is perfectly fine. And unless you have rather strict security > requirements (in which case your ruleset would allow far less protocols > to begin with), you can simply accept everything in the OUTPUT chain: > > iptables -P OUTPUT ACCEPT > > Also, when posting your tables somewhere, use "iptables -nL" rather than > just "iptables -L".
I always felt that output of iptables-save is a more nice way to check things out, and it can be also useful then to use it directly to build ruleset (with iptables-restore). But maybe it's only my taste ...
