About my Firewall Settings - I would like an opinion

Anthony M. Rasat anthony.rasat at gmail.com
Fri Nov 14 07:52:36 UTC 2008

Manuel Gomez wrote:

> I have set the default policy in DROP.
> What more could i do?
> Thank you very much, i appreciate your help.

This is my personal opinion and absolutely not going to push it to your

I do not like DROP firewall policy if such host exist in my network. It
would make troubleshooting (ie. traceroute, ping) harder.

Usually I talked that host administrator (whom also my colleage, this is
my network) that I would like ICMP to be allow only from certain host
(ie. monitoring host). That way, I can partially keep an eye on hosts
while not compromising his network policy.

Just my opinion though.



Anthony M. Rasat
Manager - Technical, Network and Support Division
PT. Jawa Pos National Network
Graha Pena Jawa Pos Group Building, 5th floor
Jln. Raya Kebayoran Lama 12, Jakarta Barat 12210
Phone 02132185562
Phone 081574217035
Fax 02153651465
Web http://www.jpnn.com

More information about the ubuntu-users mailing list