19 Feb 2002 13:47
Hello, I think this isn't secure:

    # Default DROP policy.
    iptables -P INPUT DROP
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT DROP

    # Make sure that IP forwarding is turned off(0). We only want this for a multi-homed host.
    /bin/echo "1" > /proc/sys/net/ipv4/ip_forward

I would never enable ip_forward and set FORWARD policy to ACCEPT without using this chain. Is there a reason to enable ip_forward?

Regards
Ruediger
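
An added example, not part of the original post or the script it quotes: a shell check for the combination questioned above (ip_forward set to 1, FORWARD policy ACCEPT, no rules in the FORWARD chain). The function names, return codes and sample ruleset are assumptions made for illustration; the ruleset is constructed in the format printed by `iptables -S`.

```shell
#!/bin/sh
# Constructed sample: the three policies from the quoted script, written
# the way `iptables -S` lists them.
sample_from_post() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD ACCEPT' '-P OUTPUT DROP'
}

# audit_forwarding IP_FORWARD RULESET
#   IP_FORWARD: contents of /proc/sys/net/ipv4/ip_forward
#   RULESET:    text of `iptables -S`
# Return codes (hypothetical convention for this example):
#   0 host does not route, or FORWARD is default-deny
#   1 routing on, FORWARD policy ACCEPT, FORWARD rules present (review them)
#   2 routing on, FORWARD policy ACCEPT, no FORWARD rules (unfiltered router)
#   3 FORWARD policy not found in the ruleset
audit_forwarding() {
    fwd=$1
    rules=$2
    policy=$(printf '%s\n' "$rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    nrules=$(printf '%s\n' "$rules" |
        awk '$1 == "-A" && $2 == "FORWARD" { n++ } END { print n + 0 }')

    if [ -z "$policy" ]; then
        echo "error: no FORWARD policy in ruleset"
        return 3
    fi
    if [ "$fwd" != "1" ]; then
        echo "ok: ip_forward=$fwd, kernel does not route between interfaces"
        return 0
    fi
    if [ "$policy" = "DROP" ]; then
        echo "ok: ip_forward=1, FORWARD policy DROP with $nrules rule(s)"
        return 0
    fi
    if [ "$nrules" -gt 0 ]; then
        echo "review: ip_forward=1, FORWARD policy ACCEPT, $nrules rule(s)"
        return 1
    fi
    echo "open: ip_forward=1, FORWARD policy ACCEPT, chain is empty"
    return 2
}

# Demo on the constructed sample. On a live host, call it as:
#   audit_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S)"
audit_forwarding 1 "$(sample_from_post)" || echo "exit status: $?"
```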