On 29/06/16 20:00, Leon Vergottini wrote:
> # DEFAULT FIREWALL POLICY
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> # ------------------------------------------------------
> # INPUT CHAIN RULES
> # ------------------------------------------------------
>
> # MOST COMMON ATTACKS
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
>

Why bother adding DROP rules if the default policy is DROP?