February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Blocking everything that isn't allowed with iptables
To start blocking stuff that we don't want, we have to do one of two things. We can set a default DROP or REJECT policy for the INPUT chain, or we can leave the policy set to ACCEPT and create a DROP or REJECT rule at the end of the INPUT chain. Which one you choose is really a matter of preference. (Of course, before you choose one over the other, you might want to check your organization's policy manual to see if your employer has a preference.)
The difference between DROP and REJECT is that DROP blocks packets without sending any message back to the sender. REJECT blocks packets, and then sends a message back to the sender about why the packets were blocked. For our present purposes, ...