Trying to get ping to work through iptables.
Rashkae
ubuntu at tigershaunt.com
Tue Jan 6 17:02:04 UTC 2009
Martin McCormick wrote:
>
>> Also, note that it's common practice to make your default Input Policy
>> Drop, rather than a rule in the chain. Strictly speaking, I don't think
>> it makes a difference in the end, but it does make it possible to append
>> rules at the end of the chain later on.
>
> Hmm. Very good point, but doesn't dropping the packet
> preclude it from going any further?
>
> Martin McCormick
>
The default policy is applied only if no other rules matched. In
effect, it's the same as a rule that is permanently appended to the end
of the chain. Also, it's a rule that will still be in effect if the
entire chain is removed. That can be double edged. If your sitting on
a workstation, you can clear the iptables chain and input an entire new
one without dropping your firewall. Conversely, on a remote access
system, if you clear the Input chain, you will lock yourself out.
More information about the ubuntu-users
mailing list