Saturday, March 21, 2015

firewall - Iptables accept policy

I was wondering what's the difference between accept and drop policy in iptables.



Here's how I think it works:



Drop policy will drop all packets except those which you make rules for. So you open port manually and other ports are closed.

Accept policy will accept all packets except those which you make rules for. So all ports on which currently some services are working are open and others are closed.



I did some research and most of people advice drop policy, because it's safer.
I think as long you know what services are you running there's no difference at all. Can somebody tell me if I'm wrong and explain.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...