Does iptables Policy "DROP" provide an absolute back-stop?

Discussion in 'other firewalls' started by boombaby, Sep 11, 2018.

  1. boombaby

    boombaby Registered Member

    Joined:
    Apr 16, 2016
    Posts:
    11

    Hello, Any...


    Recently I posted a question in the Security section of a different forum, a Linux forum. The question was about using an "iptables-based" firewall under Linux. You can read the question and my follow-up here...

    https://www.linuxquestions.org/ques...cy-settings-the-perfect-back-stop-4175638113/

    ...in Posts #1 and #3.


    At this time I have not had any further response. (That is not meant in ANY negative way about the Forum, because - as you know - the right person has to read a question and then respond, and then the OP has to understand. Right? So, "NOT meant to be negative".)

    Nevertheless, I thought perhaps this "Security-dedicated" Forum (ie WILDERS) would be another good approach - albeit broadscale, and not necessarily concerned solely with Linux.

    So can you read the posts and give a response here (or there, if you are a Member).

    (If the Forum Moderator here believes some kind of explanatory post herein would be better then let me know, and I will do that.)


    Regards,
    boombaby
    _
     
  2. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    500
    There are also chains that you have to set up rules for.
    Allow what you need and then drop all the others.You could make rules for dropping non destinated packets explicitly.
    You can also use Tarpit instead of drop.
    If you take the time an read the internet resources you will find ways to get what you need.
    Basically you have Input , Forward and Output chains that depending on the OS implementation may apply rules in specific ways.
    Then it depends if u use the nix OS as a router/gateway, server or as a simple client.
    If no Drop all exists at the end of the table you may be open to the outside world on some ports.
    Depending on the OS vulnerabilities those open ports may take inbound connections for granted so be aware.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.