Michael Klinosky wrote:
> I'm curious why CentOS contradicts its own (or, actually RH's) netfilter
> default policy.
>
> On http://wiki.centos.org/HowTos/Network/IPTables , at the end of
> section 1, it's stated that (generally) the default policy for INPUT is
> to DROP. So, why is it set to ACCEPT?
>
> Btw, Fedora is also this way.

Michael,

My read of this shows that the iptables -P INPUT ACCEPT is set temporarily so that doing this via SSH remotely does not lock you out!

In all other places it comes as iptables -P INPUT DROP

HTH

Rob
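The ordering described in the reply above, written out as an added example that is not part of the original thread or the CentOS wiki: the INPUT policy goes to ACCEPT before the flush and back to DROP only once an SSH rule exists, and a small checker rejects any plan that gets this order wrong. The function names, the dry-run switch and sshd on tcp/22 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: sshd on tcp/22, INPUT chain only.
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = run them (needs root)
SSH_PORT="${SSH_PORT:-22}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_ruleset() {
    ipt -P INPUT ACCEPT      # temporary: the flush below must not cut the SSH session
    ipt -F INPUT             # old rules gone; policy ACCEPT keeps traffic flowing
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    ipt -P INPUT DROP        # only now is default-deny safe to switch on
}

# Reads planned iptables commands on stdin; exit 0 if the order cannot drop SSH.
# Worst case is assumed at the start: policy already DROP, no SSH rule known.
lockout_safe() {
    awk -v port="$SSH_PORT" '
        BEGIN { policy = "DROP"; ssh = 0; bad = 0 }
        / -P INPUT / { policy = $NF; if (policy == "DROP" && !ssh) bad = 1 }
        / -F( INPUT)?$/ { ssh = 0; if (policy == "DROP") bad = 1 }
        / -A INPUT / && / -j ACCEPT$/ && index($0, " --dport " port " ") { ssh = 1 }
        END { exit bad }
    '
}

# Build the plan in dry-run form, show it, and apply it only if the order is safe.
plan=$(DRY_RUN=1; apply_ruleset)
printf '%s\n' "$plan"
if printf '%s\n' "$plan" | lockout_safe; then
    [ "$DRY_RUN" = "1" ] || apply_ruleset
else
    echo "refusing to apply: this order would drop the SSH session" >&2
fi
```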