MIS Analytics: iptables OUTPUT drop

2017年3月1日星期三

OUTPUT drop is a good practice for 'deny by default' policy. Example as below.

*filter

:FORWARD DROP [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT DROP [0:0]

-F OUTPUT

-A OUTPUT -d 127.0.0.1 -p tcp --sport 123 -j ACCEPT

-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

COMMIT

MIS Analytics