Re: [LUG] Firewall Rules

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] Firewall Rules
From: Nick Kew <nick@xxxxxxxxxxxx>
Date: Sat, 8 Feb 2003 18:02:35 +0000 (GMT)
Reply-to: list@xxxxxxxxxxxx

On Sat, 8 Feb 2003, kevin bailey wrote:

> out of curiosity - why don't you set the default policy for the INPUT 
> chain to DROP?  This is surely a bit neater than having the final DROP 
> line in the 'block' chain,

Depends.

If you have local access then yes.  If you don't - like for instance
with a remotely-hosted webserver - you want to be able to ssh in if
it ever gets into a state of having bombed out halfway through your
firewall script.  Think worst-case.

(for that reason, although I have a fixed IP, I permit ssh from anywhere
on the webserver.  I don't want to risk locking myself out by accident).

-- 
Nick Kew

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

References:
- Re: [LUG] Firewall Rules
  - From: kevin bailey

Prev by Date: Re: [LUG] Re.Firewall Rules
Next by Date: Re: [LUG] Re: ISPs, SMTP and Mail, and the future
Previous by thread: Re: [LUG] Firewall Rules
Next by thread: Re: [LUG] Firewall Rules
Index(es):
- Date
- Thread

Lynx friendly