I was wondering what's the difference between accept and drop policy in iptables.
Here's how I think it works:
Drop policy will drop all packets except those which you make rules for. So you open ports manually and other ports are closed.
Accept policy will accept all packets except those which you make rules for. So all ports on which some services are currently working are open and others are closed.
I did some research and most people advise the drop policy, because it's safer.
I think as long as you know what services you are running, there's no difference at all. Can somebody tell me if I'm wrong and explain?
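The comparison asked about above, as an added example that is not part of the original post: a simplified Python model of an INPUT chain (first matching rule wins, the policy decides everything else) that compares which ports are reachable under each policy before and after a service the admin did not plan for starts listening. The rule sets, the helper names and port 6379 are constructed for illustration, and matching is reduced to destination port only.

```python
# Simplified model of an iptables INPUT chain (added example, not netfilter code):
# rules are checked top to bottom, the first match wins, and the chain policy
# decides the fate of any packet that matches no rule.

def verdict(rules, policy, dport):
    """Return the firewall verdict for a new TCP connection to dport."""
    for match_port, target in rules:
        if match_port == dport:
            return target
    return policy  # no rule matched: the default policy applies


def reachable(rules, policy, listening, dport):
    """A port is reachable only if the firewall accepts AND a service listens."""
    return verdict(rules, policy, dport) == "ACCEPT" and dport in listening


# Constructed host: the admin knows about ssh (22) and http (80).
ACCEPT_RULES = []                               # policy ACCEPT, nothing blocked
DROP_RULES = [(22, "ACCEPT"), (80, "ACCEPT")]   # policy DROP, two ports opened


def exposure(listening, ports=range(1, 65536)):
    """Ports reachable from outside under each policy, for a set of listeners."""
    return {
        "ACCEPT": sorted(p for p in ports
                         if reachable(ACCEPT_RULES, "ACCEPT", listening, p)),
        "DROP": sorted(p for p in ports
                       if reachable(DROP_RULES, "DROP", listening, p)),
    }


if __name__ == "__main__":
    known = {22, 80}
    # With only the known services running, both policies expose the same ports.
    print("known services only:     ", exposure(known))
    # A package update starts an unplanned listener (constructed port 6379):
    # policy ACCEPT exposes it immediately, policy DROP does not.
    print("after unplanned listener:", exposure(known | {6379}))
```

Under the ACCEPT policy the firewall itself passes every port; a port only looks closed because nothing is listening on it, so exposure tracks whatever is running on the host rather than what the rule set says.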