firewall conceptual question
Matt Garman <firstname.lastname@example.org>
Sun, 22 Jul 2001 13:33:11 -0500
In most documents I've read about building a firewall, most say the
general procedure is to deny any kind of traffic to your machine, then
explicity allow only what is needed.
So, with iptables, this translates to flushing all the chains, setting all
default policies to DROP, then adding a few ACCEPT conditions.
This makes sense to me, but in a lot of example firewalls I've seen
floating around the 'net, they have explicit DROP rules (in addition to
setting the default policy to DROP). This seems redundant to me---if you
DROP everything by default, why would you need to explicity set even more
Without citing an example, does anyone know what I'm talking about? Can
anyone elaborate on this?
Matt Garman, email@example.com
"I'll tip my hat to the new constitution, Take a bow for the new revolution
Smile and grin at the change all around, Pick up my guitar and play
Just like yesterday, Then I'll get on my knees and pray..."
-- Pete Townshend/The Who, "Won't Get Fooled Again"