-
Iptables question
Hello pps
How secure would this be:
$iptables -F
$iptables -X
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP
If this is the only thing in my iptables script,
is it possible to get any kind of connection to my computer? (without stopping iptables)
I'd appreciate any thoughts on this :D
-
that setup of yours literally drops any connection..even the connections originating from your own machine..however having a default chain policy of DROP/REJECT is good..and after that you have to explicitly add rules that will permit connections from trusted machines(even your own machine)..hope that answers your question
with regards
scorpion..
-
That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
-
Quote:
Originally posted here by thesecretfire
That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
Would that script be just as secure as unplugging the network?
-
Pretty much. Nothing can make any connection to the machine from the WAN side or the LAN side, so I'd say it's pretty effectively off the network.
If you want the machine to accept any connections and function as part of your network, you'll need to add some rules to permit those connections.
-
Well I suppose you can't really get much more secure than that can you? Maybe a little impractical if you actually want to use the computer in a network. It's probably a good start to a script though, deny everything, then allow connections till your setup works :)
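
The "deny everything, then allow" approach described in this thread, as an added example that is not from any poster: a shell function that prints an `iptables-restore` ruleset keeping the three DROP policies and permitting only loopback, reply traffic and listed ports. The function names and the port lists (inbound SSH 22, outbound 80/443 and DNS 53) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build a default-DROP ruleset in
# iptables-restore format. Nothing here touches the live firewall; the
# function only prints text. Port lists are illustrative assumptions.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset "<inbound tcp>" "<outbound tcp>" "<outbound udp>"
# Runs in a subshell so 'set -f' and 'exit' do not affect the caller.
build_ruleset() (
    set -f                                 # no filename globbing on input
    in_tcp=$1; out_tcp=$2; out_udp=$3
    # Validate everything first so a bad port yields no partial ruleset.
    for p in $in_tcp $out_tcp $out_udp; do
        valid_port "$p" || { echo "invalid port: $p" >&2; exit 1; }
    done
    echo '*filter'
    # Same default policies as the script in the first post.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback: with bare DROP policies even local traffic is discarded.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets belonging to connections that a rule below already admitted.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $in_tcp; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_tcp; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_udp; do
        echo "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
)

# Print a sample ruleset: SSH in, web out, DNS out.
build_ruleset "22" "80 443" "53"
```

The output can be piped to `iptables-restore --test` as root to check that it parses without committing it; loading it without `--test` applies the whole table in one step.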
-
Thanks for your help :cool: