On Sun, Aug 10, 2014 at 4:30 PM, Joe <j...@jretrading.com> wrote:
> On Sun, 10 Aug 2014 16:07:01 -0400
> Tom H <tomh0...@gmail.com> wrote:
>> On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy <fri...@freemail.hu>
>> wrote:
>>> On 2014-08-10 11:33, Pascal Hambourg wrote:
>>>>
>>>> sysctl -w net.ipv4.ip_forward=1
>>>> iptables -t nat -P ACCEPT
>>>> iptables -t filter -P ACCEPT
>>>
>>> This is really a big sechole.
>>
>> This is one of these hopelessly unresolvable issues where some people
>> believe that the correct config is to have policy DROP/REJECT and
>> others believe that the correct config is to have a policy of ACCEPT
>> and to have the final rule in the respective chains be DROP/REJECT.
>
> Why is it unresolvable? A DROP/REJECT policy is fail-safe, ACCEPT
> isn't. If the rest of the rules are correct, (and more importantly,
> guaranteed always to stay that way in the face of editing, sometimes
> rushed) an ACCEPT policy is redundant, and if they're not, it's
> dangerous. You will never *ever* want that ACCEPT policy rule to be
> traversed.

And you've proven my point...
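The two conventions debated in this thread, side by side, as an added example that is not part of any poster's message: a small check over iptables-save style text that reports what happens to a packet matching no selective rule, before and after an edit loses the chain's last rule. The rulesets, interface names and the function names fallthrough and drop_last_rule are constructed for illustration.

```sh
#!/bin/sh
# Constructed iptables-save style rulesets for the two conventions.
# Interface names are sample values.
policy_drop='*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

final_drop='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j DROP
COMMIT'

# fallthrough RULESET CHAIN
# Verdict for a packet that matches no selective rule in CHAIN: the first
# match-less rule with a terminating target wins, otherwise the chain policy.
fallthrough() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == (":" c) { policy = $2 }
        $1 == "-A" && $2 == c && $3 == "-j" &&
            $4 ~ /^(ACCEPT|DROP|REJECT)$/ && !hit { verdict = $4; hit = 1 }
        END { print (hit ? verdict : policy) }'
}

# drop_last_rule RULESET CHAIN
# Simulate an edit that loses the last rule appended to CHAIN.
drop_last_rule() {
    printf '%s\n' "$1" | awk -v c="$2" '
        { line[NR] = $0; if ($1 == "-A" && $2 == c) last = NR }
        END { for (i = 1; i <= NR; i++) if (i != last) print line[i] }'
}

# Print the fall-through verdict for each style, intact and after the edit.
for name in policy_drop final_drop; do
    eval "rules=\$$name"
    printf '%s: intact=%s, last rule lost=%s\n' "$name" \
        "$(fallthrough "$rules" FORWARD)" \
        "$(fallthrough "$(drop_last_rule "$rules" FORWARD)" FORWARD)"
done
```

The same fallthrough function can be pointed at real `iptables-save` output to audit which chains would accept unmatched traffic.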