Iptables/Firewall

Andrew Benton andy at benton987.fsnet.co.uk
Fri Apr 1 10:09:34 PST 2005


In response to a post on BLFS support I looked at the pages in my current version of 
BLFS (svn-20050331) and I can't see where it says to install the iptables bootscript. 
Is it just me, or is this a bug in the book?
Whilst I'm here on iptables business, in the personal firewall script it sets the rule

iptables -A OUTPUT -j ACCEPT

which as the comment says, is the same as setting the output policy to ACCEPT, but in 
the same script it also explicitly sets

iptables -P OUTPUT DROP

which sets the output policy to DROP. Is that not a contradiction? Either the policy 
is accept or it is drop. As the script is for a standalone machine, it's hard to see 
how the output policy can be set to drop. How can you filter packets coming from the 
machine? Either you trust the situation's good and allow packets out, or...well I 
dread to think. Would it not make more sense to just set the one rule

iptables -P OUTPUT ACCEPT



More information about the blfs-dev mailing list
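
An added example, not part of the original post or the BLFS book: iptables consults a chain's policy only for packets that no rule in the chain has already accepted or dropped, so this shell check reads the iptables commands of a firewall script on stdin and reports what happens to a packet that matches no specific rule. The names `effective_default` and `sample_script` and the sample rules are constructed for illustration; only `-P`, `-F` and unconditional `-A CHAIN -j TARGET` lines are interpreted.

```shell
#!/bin/sh
# Added example: fate of a packet that matches no specific rule in CHAIN.
effective_default() {
    chain=$1
    policy=ACCEPT   # built-in chains start with policy ACCEPT
    catchall=none   # first unconditional terminating rule, if any
    while IFS= read -r line; do
        line=${line%%#*}                  # drop comments
        set -f; set -- $line; set +f      # split into words, no globbing
        [ "${1:-}" = iptables ] || continue
        case "${2:-}" in
            -P) if [ "${3:-}" = "$chain" ]; then policy=${4:-$policy}; fi ;;
            -F) # a flush removes rules but leaves the policy in place
                if [ $# -eq 2 ] || [ "${3:-}" = "$chain" ]; then catchall=none; fi ;;
            -A) # exactly "iptables -A CHAIN -j TARGET": no match options
                if [ $# -eq 5 ] && [ "$3" = "$chain" ] && [ "$4" = -j ] \
                   && [ "$catchall" = none ]; then
                    case "$5" in ACCEPT|DROP|REJECT) catchall=$5 ;; esac
                fi ;;
        esac
    done
    if [ "$catchall" = none ]; then effective=$policy; else effective=$catchall; fi
    echo "policy=$policy catchall=$catchall effective=$effective"
}

sample_script() {
    cat <<'EOF'
# constructed sample, not the BLFS script
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -j ACCEPT   # catch-all rule appended to OUTPUT
EOF
}

# While the catch-all rule is loaded, the DROP policy is never reached.
sample_script | effective_default OUTPUT
# INPUT has no catch-all, so its DROP policy decides.
sample_script | effective_default INPUT
# After a later flush only the policy remains.
{ sample_script; echo "iptables -F"; } | effective_default OUTPUT
```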