From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Iptables
Date: Fri, 20 May 2005 01:50:31 -0400 [thread overview]
Message-ID: <20050520055031.GA10259@bender.817west.com> (raw)
In-Reply-To: <200505200738.57268.chadley@pinteq.co.za>
On Fri, May 20, 2005 at 07:38:57AM +0200, Chadley Wilson wrote:
> Would it be safe to set the OUTPUT default policy to ACCEPT?
> Every time I set it to DROP I get locked out, I suppose it has to do with the
> fact that I have no rules for the OUTPUT chain.
well, if you're not going to add any rules to OUTPUT, then--yeah, leave
it at ACCEPT. the OUTPUT policy as ACCEPT or DROP is really more of an
idealogical debate than anything else. personally, i set mine to DROP
and only allow the traffic that is absolutely necessary to save me from
myself (i.e. don't tempt the fw admin to use the fw as a shell
account). things i deem necessary to allow out:
DNS
NTP
FTP/HTTP to update server IP's
ICMP
this is all politic, i don't intend any decree by the statements made
here.
-j
--
"Lois: What's going on?
Stewie: We're playing house.
Lois: The boy is all tied up.
Stewie: Roman Polanski's house."
--Family Guy
next prev parent reply other threads:[~2005-05-20 5:50 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-19 17:45 Iptables Chadley Wilson
2005-05-19 18:35 ` rebuilding an OpensourceVideoconferencechattool codewarrior
2005-05-19 19:33 ` Iptables Jason Opperisano
2005-05-19 20:13 ` Iptables Chadley Wilson
2005-05-19 21:43 ` Iptables Jason Opperisano
2005-05-20 5:38 ` Iptables Chadley Wilson
2005-05-20 5:50 ` Jason Opperisano [this message]
2005-05-20 6:04 ` Iptables Rob Sterenborg
2005-05-20 6:26 ` Iptables Rob Sterenborg
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 12:20 IPTables nullv
2012-04-13 23:54 IPTables nullv
2012-04-14 9:35 ` IPTables Amos Jeffries
2012-04-13 23:53 IPTables nullv
[not found] <047d7b10cb31c8716404bd5f56a7@google.com>
[not found] ` <e89a8ff2474fc99c5604bd608a88@google.com>
2012-04-11 13:06 ` IPTables Ethy H. Brito
2012-04-11 3:03 IPTables Al Grant
2012-04-11 3:45 ` IPTables Ethy H. Brito
2012-04-11 6:33 ` IPTables John Lister
[not found] <BANLkTi=G1ecs9wx+QgAcUphK2-jg60nbAw@mail.gmail.com>
2011-06-02 11:47 ` Iptables Pablo Neira Ayuso
2009-04-27 8:05 iptables Manu
2009-04-29 20:32 ` iptables Jan Engelhardt
2009-05-05 13:38 ` iptables Patrick McHardy
2009-05-05 19:26 ` iptables Jan Engelhardt
2009-05-06 7:53 ` iptables Manu
2008-01-13 18:53 Can't set up transparent proxy on XO laptop P Zemlja
2008-01-13 22:44 ` G.W. Haywood
2008-01-14 7:45 ` iptables sa
2008-01-14 9:17 ` iptables G.W. Haywood
2008-01-15 13:12 ` iptables sa
2008-01-15 14:54 ` iptables G.W. Haywood
2006-10-19 5:08 IPTABLES tarak
2005-06-19 2:17 iptables s s
2005-05-18 21:04 Iptables Limbert Fuentes Quiroga
2005-01-31 11:31 iptables Alabama
2005-01-31 12:02 ` iptables John A. Sullivan III
[not found] ` <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>
2005-01-31 13:18 ` iptables John A. Sullivan III
2005-01-31 11:16 iptables Andrzej
2004-11-29 14:58 iptables MANJUNATH
2004-09-28 5:07 Iptables Contact
2004-09-28 5:25 ` Iptables Rob Sterenborg
2004-09-28 8:19 ` Iptables Contact
2004-09-28 14:04 ` Iptables Jason Opperisano
2004-09-28 14:09 ` Iptables Aleksandar Milivojevic
2004-09-28 10:36 ` Iptables John A. Sullivan III
2004-09-28 14:27 ` Iptables Jose Maria Lopez
2004-06-19 23:02 Iptables Xiaofang Chen
2004-06-21 18:26 ` Iptables Ian Pratt
2004-05-27 17:51 iptables Alejandro Cabrera Obed
2004-02-27 2:23 iptables mustafa hassan
[not found] <20040205052840.10884.25667.Mailman@netfilter-sponsored-by.noris.net>
2004-02-09 4:48 ` iptables VeNoMouS
2004-02-14 20:17 ` iptables Harald Welte
2004-01-31 8:39 Iptables Ivan Zagvozkine
2004-01-28 11:12 Iptables jean-francois fleury
2004-01-28 13:25 ` Iptables Jeffrey Laramie
2004-01-16 22:36 iptables Wilmar jose wagner
2004-01-22 22:33 ` iptables Pablo Neira
2003-05-26 13:34 iptables Wan System S.R.L.
2003-05-26 15:27 ` iptables Pedro C. Arias
2003-04-28 18:29 IPTABLES lfps
2003-04-23 5:17 iptables Star Fire
2003-02-27 18:04 iptables Guss
2003-01-19 17:30 iptables VASIF MUSAOGULLARI
2003-01-21 11:42 ` iptables Erdal Mutlu
2003-01-17 9:20 IPtables Jet
2002-11-18 22:30 iptables Alexandre Carlos
2002-10-17 23:25 IPtables Alexandre Carlos
2002-06-28 13:28 iptables luigicart
2002-06-28 13:45 ` iptables Antony Stone
2002-06-28 13:48 ` iptables Tom Eastep
2002-06-28 14:00 ` iptables Joe Patterson
2002-06-18 21:06 iptables Russell Coker
2002-06-20 12:44 ` iptables Stephen Smalley
2002-06-13 9:03 Iptables Paulo Andre
2002-06-11 2:24 iptables Matthew Hellman
2002-06-10 14:06 iptables Paulo Andre
2002-06-10 19:27 ` iptables Antony Stone
2002-06-11 2:23 ` iptables Matthew Hellman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050520055031.GA10259@bender.817west.com \
--to=opie@817west.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.