$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP
If this is the only thing in my iptables script,
is it possible to get any kind of connection to my computer? (without stopping iptables)
I'd appreciate any thoughts on this :D
October 17th, 2002, 02:02 PM
That setup of yours literally drops any connection, even the connections originating from your own machine. However, having a default chain policy of DROP/REJECT is good, and after that you have to explicitly add rules that will permit connections from trusted machines (even your own machine). Hope that answers your question.
October 18th, 2002, 01:45 AM
That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
October 21st, 2002, 04:31 AM
Originally posted here by thesecretfire That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
would that script be just as secure as unplugging the network?
October 21st, 2002, 06:01 AM
Pretty much. Nothing can make any connection to the machine from the WAN side or the LAN side, so I'd say it's pretty effectively off the network.
If you want the machine to accept any connections and function as part of your network, you'll need to add some rules to permit those connections.
October 21st, 2002, 09:35 AM
Well, I suppose you can't really get much more secure than that, can you? Maybe a little impractical if you actually want to use the computer in a network. It's probably a good start to a script though: deny everything, then allow connections till your setup works :)
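As an added example (not code from any poster in this thread), here is what the "deny everything, then allow what you need" approach the replies describe looks like as a complete script: the three DROP policies from the original question, followed by the explicit allow rules a host needs to stay usable (loopback, return traffic for connections it opened itself, and one inbound service from a trusted LAN). The IPTABLES, TRUSTED_LAN and SSH_PORT variables and the 192.168.1.0/24 network are assumed placeholders, not values from the thread. The rule set is generated as text first so it can be reviewed (or checked by a script) before it is applied.

```shell
#!/bin/sh
# Added example: default-deny iptables script built on the thread's three DROP
# policies, then opened up explicitly. IPTABLES, TRUSTED_LAN and SSH_PORT are
# assumed placeholders; 192.168.1.0/24 is a constructed example network.
IPTABLES="${IPTABLES:-iptables}"
TRUSTED_LAN="${TRUSTED_LAN:-192.168.1.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# Emit the rule set one command per line. Order matters: policies first, then
# the allow rules, then a LOG rule so anything that falls through to the DROP
# policy leaves a trace in the kernel log.
build_rules() {
    cat <<EOF
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -s $TRUSTED_LAN --dport $SSH_PORT -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -j LOG --log-prefix "iptables-drop: "
EOF
}

# Count the rules in the generated set that contain a given token, as a quick
# sanity check that an allow rule really made it in before applying anything.
count_rules() {
    build_rules | grep -c -- "$1"
}

# Apply the generated rule set; needs root and the iptables binary.
apply_rules() {
    build_rules | sh
}

# Usage:  ./firewall.sh            -> print the rule set for review
#         sudo ./firewall.sh apply -> apply it
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Without the loopback and ESTABLISHED,RELATED rules the host is in exactly the state the thread describes: nothing in, nothing out, including replies to its own DNS lookups. The LOG rule at the end of INPUT is what turns the silent DROP policy into something you can actually watch while you work out which connections still need to be allowed.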