USB Networking vs. iptables

Christian Weßel wesselch at
Sat Sep 20 10:41:48 CEST 2008

Am Freitag, den 19.09.2008, 16:06 -0400 schrieb Joel Newkirk:

> You're most welcome.  The one problem with your reasoning regarding the
> default policy of ACCEPT is that the last rule in the RH-Firewall-1-INPUT
> chain is a 'drop all' rule...  Every RedHat/Fedora/CentOS box I've ever set
> up nearly the first thing I do is delete the default firewall and construct
> my own - I don't like the way they structure theirs.  IMHO best practice
> (and clearest logic) is to enable a DROP policy on INPUT and FORWARD
> chains, and add explicit ACCEPT rules for desired traffic. 
You are right. I have planned to do so, but after first installation of
FC I don't had any idea about iptables and SELinux. And currently I have
running my web server and don't want to block it. But I found a good
discription about a iptables based server FW. I will implement it in

Now FR is more important :-).

mfg/br, christian

Flurstraße 14
29640 Schneverdingen

E-Mail: wesselch at
Telefon: +49 5193 97 14 95
Mobile:  +49 171 357 59 57
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : 

More information about the community mailing list