I'm curious why CentOS contradicts its own (or, actually RH's) netfilter default policy.
On http://wiki.centos.org/HowTos/Network/IPTables , at the end of section 1, it's stated that (generally) the default policy for INPUT is to DROP. So, why is it set to ACCEPT?
Btw, Fedora is also this way.
Michael Klinosky wrote:
I'm curious why CentOS contradicts its own (or, actually RH's) netfilter default policy.
On http://wiki.centos.org/HowTos/Network/IPTables , at the end of section 1, it's stated that (generally) the default policy for INPUT is to DROP. So, why is it set to ACCEPT?
Btw, Fedora is also this way.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Michael,

My read of this shows that the iptables -P INPUT ACCEPT is set temporarily so that doing this via SSH remotely does not lock you out! All other places it comes as iptables -P INPUT DROP.

HTH
Rob
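The ordering point in the reply above can be checked before the policy is switched. The following is an added example, not part of the thread or of the CentOS wiki: it reads saved `iptables-save` text from a file and reports whether setting the INPUT policy to DROP would cut off SSH. The function names, the verdict strings, the default port 22 and the sample rule sets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables-save text from a file; never touches the live firewall.
SSH_PORT="${SSH_PORT:-22}"   # assumption: sshd listens on tcp/22

# Print the default policy of the filter table's INPUT chain (ACCEPT or DROP).
input_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":INPUT" { print $2; exit }' "$1"
}

# Succeed if filter/INPUT accepts tcp/$SSH_PORT before any catch-all rule.
# Simplification: extra matches on the rule (-s, -i ...) are not evaluated.
ssh_allowed() {
    awk -v port="$SSH_PORT" '
        /^\*/ { table = $1; next }
        table != "*filter" || $1 != "-A" || $2 != "INPUT" { next }
        NF == 4 && $3 == "-j" { found = ($4 == "ACCEPT"); exit }
        / -p tcp / && $0 ~ (" --dport " port " ") && / -j ACCEPT$/ { found = 1; exit }
        END { exit !found }' "$1"
}

# Verdict for a remote admin about to run: iptables -P INPUT DROP
check_lockout() {
    if ssh_allowed "$1"; then echo "OK"
    elif [ "$(input_policy "$1")" = "DROP" ]; then echo "LOCKED_OUT"
    else echo "ADD_SSH_RULE_FIRST"
    fi
}

# Constructed sample: empty INPUT chain with the temporary ACCEPT policy.
sample_flushed() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Constructed sample: same table once an SSH accept rule has been appended.
sample_with_ssh() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT'
}
```

To use it on a real host, save the rules with `iptables-save > rules.txt` and call `check_lockout rules.txt` before changing the policy.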