where in the iptables rules does it say to reject connection if no match is found
Sturla Holm Hansen
sturlahh at online.no
Mon Jan 5 17:23:52 UTC 2004
On Sun, 2004-01-04 at 21:04, Technical wrote:
> # Firewall configuration written by redhat-config-securitylevel
> # Manual customization of this file is not recommended.
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
>
You can either set the policy (under *filter) to reject or you can add
-A RH-Firewall-1-INPUT -j REJECT as the last line..
Sturla
More information about the fedora-list
mailing list