[CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice
Anthony K
akcentos at anroet.com
Wed Jun 29 13:11:51 UTC 2016
On 29/06/16 20:00, Leon Vergottini wrote:
> # DEFAULT FIREWALL POLICY
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> # ------------------------------------------------------
> # INPUT CHAIN RULES
> # ------------------------------------------------------
>
> # MOST COMMON ATTACKS
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
>
Why bother adding DROP rules if the default policy is DROP?
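
An added example, not part of either poster's message: a simplified Python model of iptables first-match evaluation, showing when the three quoted DROP rules change a packet's verdict and when the default policy alone gives the same result. The later ACCEPT rule for port 22 and the sample packets are assumptions constructed for illustration, and conntrack's own classification of malformed packets is not modelled.

```python
# Simplified model of iptables first-match evaluation (added example).
ALL = frozenset({"SYN", "ACK", "FIN", "RST", "URG", "PSH"})

def is_syn(flags):
    # --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN
    return flags & {"SYN", "RST", "ACK", "FIN"} == {"SYN"}

# The three DROP rules quoted in the post, as (match, target) pairs.
EARLY_DROPS = [
    # --tcp-flags ALL NONE
    (lambda p: not p["flags"], "DROP"),
    # ! --syn -m state --state NEW
    (lambda p: not is_syn(p["flags"]) and p["state"] == "NEW", "DROP"),
    # --tcp-flags ALL ALL
    (lambda p: p["flags"] == ALL, "DROP"),
]

# ASSUMPTION: a later stateless rule that is not shown on the page:
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
LATER_ACCEPT = [(lambda p: p["dport"] == 22, "ACCEPT")]

def verdict(chain, packet, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for match, target in chain:
        if match(packet):
            return target
    return policy

# Constructed sample packets (state is a label here, not real conntrack output).
NULL_SCAN = {"flags": frozenset(), "state": "NEW", "dport": 22}
XMAS_SCAN = {"flags": ALL, "state": "NEW", "dport": 22}
NORMAL_SYN = {"flags": frozenset({"SYN"}), "state": "NEW", "dport": 22}
NULL_CLOSED = {"flags": frozenset(), "state": "NEW", "dport": 8080}

if __name__ == "__main__":
    samples = [("null->22", NULL_SCAN), ("xmas->22", XMAS_SCAN),
               ("syn->22", NORMAL_SYN), ("null->8080", NULL_CLOSED)]
    for name, pkt in samples:
        with_drops = verdict(EARLY_DROPS + LATER_ACCEPT, pkt)
        without = verdict(LATER_ACCEPT, pkt)
        print(f"{name}: with early DROPs={with_drops}, without={without}")
```

In this model the verdicts differ only for packets that a later ACCEPT rule would also match; a packet that no rule matches reaches the chain policy either way.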