[Firehol-support] policy drop, server all drop, client all drop

Costa Tsaousis costa at tsaousis.gr
Sun Nov 6 07:44:02 GMT 2005


Redeeman wrote:

>hey.. I notice that
>policy drop
>
>and
>policy drop
>server all drop
>client all drop
>
>doesn't generate the same rules, but shouldn't it?
>
The server and client statements will specifically drop what would 
otherwise by default get dropped by the policy.
FireHOL is not "smart" enough to understand that the client and server 
statements are not really needed.

>for example I have another interface, which has policy accept, because
>it's only one person on that interface, me, which is trusted..
>
>should I also add
>server all accept
>client all accept
>if I wish to allow all?
>
If you have policy accept, normally you don't need anything else. There 
are a few exceptions, however, considering that the explicit service 
definitions may load kernel modules or do other fancy things. In 
general, if you don't have any issues or packets dropped, just the 
policy will do.

Costa




