
Saturday, June 22, 2013

Re: [iptables] drop or accept policy for outgoing connections.

Hello,

Daniel Curtis wrote:
>
> I have a question about iptables and rules for OUTPUT
> chain. If I have a typical desktop without any services
> like SSH, Samba etc., is it better to use something like:
>
> iptables -P DROP
> iptables -A OUTPUT -o eth0 -j ACCEPT
>
> or does it not matter, and could it be one simple rule:
>
> iptables -P OUTPUT ACCEPT

These two sets of commands do different things and cannot be compared
simply.
"Better" suggests optimization, and optimization requires a criterion.
What is the objective criterion you wish to optimize?


--
Archive: http://lists.debian.org/51C58219.8020109@plouf.fr.eu.org
