Iptables/Firewall

Bruce Dubbs bdubbs at swbell.net
Fri Apr 1 17:59:25 PST 2005


Andrew Benton wrote:
> In response to a post on BLFS support I looked at the pages in my 
> current version of BLFS (svn-20050331) and I can't see where it says to 
> install the iptables bootscript. Is it just me, or is this a bug in the 
> book?

Yes.  It is a bug that I will fix soon.


> Whilst I'm here on iptables business, in the personal firewall script it 
> sets the rule
> 
> iptables -A OUTPUT -j ACCEPT
> 
> which as the comment says, is the same as setting the output policy to 
> ACCEPT, but in the same script it also explicitly sets
> 
> iptables -P OUTPUT DROP
> 
> which sets the output policy to DROP. Is that not a contradiction?

Not really.  If the default is set to DROP, then the only thing to 
change is the rules.  If you set to ACCEPT and then want to change the 
rules later, it would be easy to forget about the policy and the rules 
would then not do what you want.

   -- Bruce
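
Added example (not part of the original message or of the BLFS book): a shell check that reads `iptables -S` style output and reports what happens to a packet that no specific rule matches, which is the difference between the two layouts discussed above. The function name `effective_default` and the three rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` style output on stdin and reports what
# happens to a packet in CHAIN that no specific rule matches.
effective_default() {
    awk -v chain="$1" '
        $1 == "-P" && $2 == chain { policy = $3 }
        # Unconditional rule: exactly "-A <chain> -j <target>"; first one wins.
        $1 == "-A" && $2 == chain && NF == 4 && $3 == "-j" && catchall == "" &&
            ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") { catchall = $4 }
        END {
            if (policy == "") { print "chain " chain " not found"; exit 1 }
            printf "policy=%s catchall=%s effective=%s\n", policy,
                (catchall == "" ? "none" : catchall),
                (catchall == "" ? policy : catchall)
        }'
}

# Constructed rulesets (not taken from the BLFS book).
# 1. Layout from the thread: DROP policy plus a catch-all ACCEPT rule.
as_discussed='-P OUTPUT DROP
-A OUTPUT -j ACCEPT'

# 2. Same layout after tightening: catch-all replaced by specific rules.
tightened='-P OUTPUT DROP
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# 3. The alternative: ACCEPT policy, specific rules added, policy forgotten.
forgotten_policy='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT'

for name in as_discussed tightened forgotten_policy; do
    eval "rules=\$$name"
    printf '%-17s ' "$name"
    printf '%s\n' "$rules" | effective_default OUTPUT
done
```

On a live system the same function can be fed from `iptables -S | effective_default OUTPUT` (run as root).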




