USB Networking vs. iptables
Christian Weßel
wesselch at gmx.net
Sat Sep 20 10:41:48 CEST 2008
Am Freitag, den 19.09.2008, 16:06 -0400 schrieb Joel Newkirk:
> You're most welcome. The one problem with your reasoning regarding the
> default policy of ACCEPT is that the last rule in the RH-Firewall-1-INPUT
> chain is a 'drop all' rule... Every RedHat/Fedora/CentOS box I've ever set
> up nearly the first thing I do is delete the default firewall and construct
> my own - I don't like the way they structure theirs. IMHO best practice
> (and clearest logic) is to enable a DROP policy on INPUT and FORWARD
> chains, and add explicit ACCEPT rules for desired traffic.
You are right. I have planned to do so, but after first installation of
FC I don't had any idea about iptables and SELinux. And currently I have
running my web server and don't want to block it. But I found a good
discription about a iptables based server FW. I will implement it in
future.
Now FR is more important :-).
--
mfg/br, christian
Flurstraße 14
29640 Schneverdingen
Germany
E-Mail: wesselch at gmx.net
Telefon: +49 5193 97 14 95
Mobile: +49 171 357 59 57
http://wesselch.homelinux.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.openmoko.org/pipermail/community/attachments/20080920/f859c564/attachment.pgp
More information about the community
mailing list