On 7/31/2015 7:43 AM, Robert Wolfe wrote: > Firewalled to the outside world most likely. and where's that? how could a default rule know the difference between 'outside' and 'inside' without knowing specifics about your LAN/WAN configuration ... many of my linux systems are in coloc centers where the LAN is unprotected, its public internet delivered directly to the server, and SSH is the only way I access the servers to manage them. yet others are on a corporate WAN which has many subnets, in neither of these cases would a default rule in SSH access be appropriate. -- john r pierce, recycling bits in santa cruz