[Firehol-support] policy drop, server all drop, client all drop
Costa Tsaousis
costa at tsaousis.gr
Sun Nov 6 07:44:02 GMT 2005
Redeeman wrote:
>hey.. i notice that
>policy drop
>
>and
>policy drop
>server all drop
>client all drop
>
>doesent generate the same rules, but? shouldnt it?
>
>
>
The server and client statements will specifically drop what would
otherwise by default get dropped by the policy.
FireHOL is not so "smart" to understand that the client and server
statements are not really needed.
>for example i have another interface, which has policy accept, because
>its only one person on that interface, me, which is trusted..
>
>should i also add
>server all accept
>client all accept
>if i wish to allow all?
>
>
>
If you have policy accept, normally you don't need anything else. There
are a few exception however, considering that the explicit services
definitions may load kernel modules or do other fancy things. In
general, if you don't have any issues or packets dropped, just the
policy will do.
Costa
More information about the Firehol-support
mailing list