[CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice

Wed Jun 29 13:11:51 UTC 2016
Anthony K <akcentos at anroet.com>

On 29/06/16 20:00, Leon Vergottini wrote:
> #  DEFAULT FIREWALL POLICY
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> #  ------------------------------------------------------
> #  INPUT CHAIN RULES
> #  ------------------------------------------------------
>
> #  MOST COMMON ATTACKS
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
>

Why bother adding DROP rules if the default policy is DROP?
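
Added example, not part of the original thread: iptables walks a chain top to bottom and stops at the first terminating match, and the policy only applies to packets that reach the end, so whether an explicit DROP duplicates a DROP policy depends on what follows it. The sketch below classifies each DROP rule in an iptables-save style listing; the ruleset is constructed (the three quoted rules plus a hypothetical SSH ACCEPT and ICMP DROP), the function names are assumptions, and user-defined chains and -g jumps are not followed.

```shell
#!/bin/sh
# Constructed sample: the three quoted INPUT rules, followed by two
# hypothetical rules that are NOT from the thread (SSH ACCEPT, ICMP DROP).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT
EOF
}

# Reads a ruleset on stdin. For every "-j DROP" rule in a chain whose policy
# is DROP, prints one line: <status><TAB><rule>
#   ordering-matters : a later rule in the same chain has another target, so
#                      this DROP decides before that rule can match
#   same-as-policy   : only DROP rules (or nothing) follow, so the policy
#                      would drop the packet anyway
audit_drop_rules() {
    awk '
    /^:/ { policy[substr($1, 2)] = $2; next }       # e.g. ":INPUT DROP [0:0]"
    $1 == "-A" {
        n++; chain[n] = $2; rule[n] = $0; target[n] = ""
        for (f = 3; f < NF; f++) if ($f == "-j") target[n] = $(f + 1)
        if (target[n] != "DROP") last_other[$2] = n  # last non-DROP rule seen
    }
    END {
        for (i = 1; i <= n; i++) {
            if (target[i] != "DROP" || policy[chain[i]] != "DROP") continue
            status = (i < last_other[chain[i]] + 0) ? "ordering-matters" : "same-as-policy"
            printf "%s\t%s\n", status, rule[i]
        }
    }'
}

sample_ruleset | audit_drop_rules
```

On a live host the same function can be fed from `iptables-save` run as root.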