Without using stateful rules, a default DROP policy means that you must
have explicit rules to ACCEPT the return packets from locally initiated
stuff. This can be very hard to get right (if it is even possible to get
right).
IMO, the following stateful rules work well and simplify things a great
d
On Mon, 2002-12-02 at 16:48, jdow wrote:
> I have some details and quibbles, Dax.
>
> First, there is no iptables DENY rule. This is now "DROP". From the
> netfilter web site: "The DENY target is now DROP, finally." This
> rule simply drops the packet on the floor and does nothing at all
> with it.
I have some details and quibbles, Dax.
First, there is no iptables DENY rule. This is now "DROP". From the
netfilter web site: "The DENY target is now DROP, finally." This
rule simply drops the packet on the floor and does nothing at all
with it.
Second, more amplification of the above from the ne
Without using stateful rules, a default DENY policy means that you must
have explicit rules to ACCEPT the return packets from locally initiated
stuff. This can be very hard to get right (if it is even possible to get
right).
IMO, the following stateful rules work well and simplify things a great
d