Package: harden-doc
Version: 3.5
Severity: normal

Although correct when viewed strictly from the security point of view, the default policy of DROP on the INPUT chain is very dangerous when flushing the chain remotely, as I once found out myself, as a newbie :(

My suggestion would be:

a) either to append "iptables -A INPUT -j DROP" at the end and set the policy to ACCEPT, or
b) include a note about this pitfall and methods to avoid it, like keeping an "on" and "off" state of the firewall and applying them with iptables-restore, for example.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

-- no debconf information
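
Added example, not part of the original report or of harden-doc: the shell sketch below builds constructed rulesets for the policy-DROP layout and for the "on"/"off" states suggested above, then reports what a flush of INPUT leaves behind, since `iptables -F` removes rules but keeps the chain policy. The port 22 rule, the FORWARD/OUTPUT policies and all function names are assumptions.

```shell
#!/bin/sh
# Constructed rulesets in iptables-restore format (sample data, not from the report).
header() {  # $1 = INPUT policy; FORWARD/OUTPUT policies are assumed
    printf '%s\n' '*filter' ":INPUT $1 [0:0]" \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
}
allow_rules() {  # port 22 is an assumed remote-admin port
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT'
}

# Layout the report warns about: the deny lives in the chain policy.
ruleset_policy_drop() { header DROP; allow_rules; printf '%s\n' COMMIT; }

# Suggestion (a), usable as the "on" state: policy ACCEPT, explicit DROP last.
ruleset_on() {
    header ACCEPT; allow_rules
    printf '%s\n' '-A INPUT -j DROP' COMMIT
}

# "off" state for suggestion (b): no rules, policy ACCEPT.
ruleset_off() { header ACCEPT; printf '%s\n' COMMIT; }

# assess RULESET_TEXT: prints "<steady state> <effect of iptables -F INPUT>".
# A flush deletes every -A rule but leaves the ":INPUT <policy>" setting alone.
assess() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            if (policy == "") { print "unknown"; exit }
            deny = (policy == "DROP" || last == "-A INPUT -j DROP")
            printf "%s %s\n", (deny ? "default-deny" : "default-accept"),
                (policy == "DROP" ? "flush-locks-out" : "flush-opens")
        }'
}

for r in ruleset_policy_drop ruleset_on ruleset_off; do
    printf '%-20s %s\n' "$r" "$(assess "$($r)")"
done
```

Either state can be loaded in one step as root with `ruleset_on | iptables-restore` (or `ruleset_off`), which replaces the filter table without an intermediate flush.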