[CentOS] contradictory netfilter default policy

Rob Kampen rkampen at kampensonline.com
Tue Apr 7 17:59:53 UTC 2009



Michael Klinosky wrote:
> I'm curious why CentOS contradicts its own (or, actually RH's) netfilter
> default policy.
>
> On http://wiki.centos.org/HowTos/Network/IPTables , at the end of
> section 1, it's stated that (generally) the default policy for INPUT is
> to DROP. So, why is it set to ACCEPT?
>
> Btw, Fedora is also this way.
>
Michael,
My read of this shows that the iptables -P INPUT ACCEPT is set 
temporarily so that doing this via SSH remotely does not lock you out!
All other places it comes as
iptables -P INPUT DROP
HTH
Rob
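
[Added example, not part of Rob's message or of the CentOS wiki: a small shell/awk check that replays a list of iptables commands against a simplified model of the INPUT chain and reports the first line at which a remote SSH session would be dropped. The function name `check_input_lockout`, the model and both command lists are constructed for illustration; the model tracks only `-P`, `-F` and `-A` on INPUT.]

```shell
#!/bin/sh
# Added example. Reads iptables commands on stdin, one per line, and prints
# "final=<INPUT policy> lockout=<first unsafe line number, or none>".
# Assumption: SSH "survives" if an appended INPUT rule accepts tcp --dport 22
# or ESTABLISHED traffic; everything else about netfilter is ignored.
check_input_lockout() {
    awk '
    BEGIN { policy = "ACCEPT"; ssh_ok = 0; lockout = "none" }
    $1 != "iptables" { next }
    {
        for (i = 2; i <= NF; i++) {
            # -P INPUT <target>: change the default policy
            if ($i == "-P" && $(i+1) == "INPUT") policy = $(i+2)
            # -F (all chains) or -F INPUT: every accept rule is gone
            if ($i == "-F" && (i == NF || $(i+1) == "INPUT")) ssh_ok = 0
            # -A INPUT ... -j ACCEPT for SSH or established connections
            if ($i == "-A" && $(i+1) == "INPUT" && $0 ~ /-j ACCEPT/ &&
                ($0 ~ /--dport 22( |$)/ || $0 ~ /ESTABLISHED/)) ssh_ok = 1
        }
        # DROP policy with no rule letting SSH through: session is cut here
        if (policy == "DROP" && !ssh_ok && lockout == "none") lockout = NR
    }
    END { printf "final=%s lockout=%s\n", policy, lockout }
    '
}

# Constructed sample: ACCEPT is set before the flush, DROP only at the end.
safe_order='iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP'

# Constructed sample: policy is already DROP when the rules are flushed.
risky_order='iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -F
iptables -A INPUT -p tcp --dport 22 -j ACCEPT'

printf '%s\n' "$safe_order"  | check_input_lockout
printf '%s\n' "$risky_order" | check_input_lockout
```

Both lists end with the same DROP policy; only the second has a point (the flush on line 3) where nothing accepts the SSH traffic.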