win32sux |
01-07-2008 06:09 PM |
Quote:
Originally Posted by Uncle_Theodore
(Post 3014922)
The last rule can be replaced with setting the OUTPUT policy to DROP, which is somewhat preferred way...
|
I think that until he becomes more familiar with iptables he should keep it at ACCEPT. There's less chance of him getting locked-out with an accidental flush of the chain, and plus it's not like you can't have your chain just as tight with the proper rules. I agree that setting it to DROP is optimal, but I think he should wait on that. Being able to flush the OUTPUT chain without having to worry about a lock-out is kinda nice when one is learning the basics - especially when one is working remotely.
|