On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists <li...@sapience.com> wrote:
> On 08/17/2010 02:08 AM, Tom H wrote:
>> #! /bin/sh
>> IPTABLES="/sbin/iptables"
>> $IPTABLES --table filter --policy INPUT ACCEPT
>> $IPTABLES --table filter --policy FORWARD ACCEPT
>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>
>   Not saying I'm commenting on the wisdom of the rules one way or
> another - just asking - does one really want a default policy of accept on
> all of these?

I've seen some flame wars on this topic... :)

I was just posting the iptables commands needed to result in the
"iptables -L" output that the firewall GUI of the OP had created.

Unless you add some rules for OUTPUT, you have to have it default to ACCEPT.

Since this is a desktop with a GUI, it doesn't matter whether FORWARD
defaults to ACCEPT or DROP.

Although I prefer and use DROP for INPUT, the reasoning of the GUI
developer/maintainer must be that having "$IPTABLES --append INPUT
--jump DROP" as the last INPUT rule makes the ACCEPT default safe.
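Added example, not part of the original message or of the firewall GUI's code: a small checker that reads `iptables -S INPUT` output and reports whether unmatched inbound packets are dropped by the chain policy, dropped only by a catch-all rule, or accepted. The function name, the labels it prints and the sample rulesets are constructed for illustration; it does not follow jumps into user-defined chains.

```shell
#!/bin/sh
# Classify the INPUT chain from `iptables -S INPUT` output on stdin.
# Live use (needs root): iptables -S INPUT | input_posture
input_posture() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # A rule with no match options has "-j" right after the chain name,
        # so it applies to every packet that reaches it. First one wins.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && verdict == "" {
            if ($4 == "DROP" || $4 == "REJECT") verdict = "deny"
            else if ($4 == "ACCEPT")            verdict = "allow"
        }
        END {
            if (policy == "")           print "unknown"
            else if (verdict == "allow") print "open"
            else if (policy == "DROP")   print "fail-closed"
            else if (verdict == "deny")  print "rule-dependent"
            else                         print "open"
        }'
}

# Constructed sample: policy ACCEPT with a catch-all DROP as the last rule.
gui_ruleset() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed sample: the same chain after `iptables -F INPUT`.
# Flushing removes the rules but leaves the policy untouched.
flushed_ruleset() { printf '%s\n' '-P INPUT ACCEPT'; }

# Constructed sample: a flushed chain whose policy is DROP.
drop_policy_flushed() { printf '%s\n' '-P INPUT DROP'; }

for s in gui_ruleset flushed_ruleset drop_policy_flushed; do
    printf '%-20s %s\n' "$s" "$($s | input_posture)"
done
```

"rule-dependent" means the chain drops unmatched traffic only while the catch-all rule is present and no unconditional ACCEPT precedes it; "fail-closed" means the policy still drops traffic after a flush.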