I'm curious why CentOS contradicts its own (or, actually RH's) netfilter default policy. On http://wiki.centos.org/HowTos/Network/IPTables , at the end of section 1, it's stated that (generally) the default policy for INPUT is to DROP. So, why is it set to ACCEPT? Btw, Fedora is also this way.