bdubbs at swbell.net
Fri Apr 1 17:59:25 PST 2005
Andrew Benton wrote:
> In response to a post on BLFS support I looked at the pages in my
> current version of BLFS (svn-20050331) and I can't see where it says to
> install the iptables bootscript. Is it just me, or is this a bug in the
Yes. It is a bug that I will fix soon.
> Whilst I'm here on iptables business, in the personal firewall script it
> sets the rule
> iptables -A OUTPUT -j ACCEPT
> which as the comment says, is the same as setting the output policy to
> ACCEPT, but in the same script it also explicitly sets
> iptables -P OUTPUT DROP
> which sets the output policy to DROP. Is that not a contradiction?
Not really. If the default is set to DROP, then the onlt thing to
change is the rules. If you set to ACCEPT and then want to change the
rules later, it would be easy to forget about the policy and the rules
would then not do what you want.
More information about the blfs-dev