Re: How about the "Good Book"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
On Tue, 23 Dec 2003 04:13:42 +0000, Simon <usenet@no-dns-yet.org.uk> wrote:
> Ah yes, that's true. I'll add some sort of warning about that in
> there (i.e. don't apply default policies until after you've added
> exceptions). I find it strange that you quoted the FORWARD line,
> though; I'd have thought that the INPUT policy would affect SSH
> sessions more (unless they're being NATed in some way).
Hmm.. you're right. Full story is I was switching from one firewall
script to another. First firewall script defaulted INPUT, FORWARD, and
OUTPUT to drop, new firewall script only played with two of those,
leaving the last one at drop, but with all its chains cleared.
I thought it was forward I had to fix, maybe it wasn't? Ahh... looking
at the original version of the firewall script I fixed for what I needed
(was TNG, now it's DS9), it was OUTPUT that didn't have a default policy
set, so the first firewall's policy stayed in effect. IIRC your chapter
doesn't mention OUTPUT.
Ah well. :-)
--
Rob | If not safe,
Email and Jabber: | one can never be free.
athlonrob at axpr dot net |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/59w+hm6KEoOOAe0RAjPZAKCgcWylpnhpTliBxLbevVVS8MSRlA CgmZ5l
bsFPC8ssZy3q2ZjUpupaz5U=
=TVQX
-----END PGP SIGNATURE-----
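
An added example, not part of the original post: a check for the situation described above, where a built-in chain keeps a DROP policy from an earlier script but has no rules left in it. The function names and the sample ruleset are constructed for illustration; the input is assumed to be text in the format printed by iptables-save.

```shell
#!/bin/sh
# Reads iptables-save style text on stdin and prints "table/chain" for every
# built-in chain whose default policy is DROP and which contains no rules,
# i.e. a chain that silently drops everything.
find_stranded_drop_chains() {
    awk '
        /^\*/      { table = substr($1, 2); next }        # "*filter" starts a table
        /^:/       { chain = substr($1, 2)                 # ":OUTPUT DROP [0:0]"
                     if ($2 == "DROP") drop[table "/" chain] = 1
                     next }
        $1 == "-A" { rules[table "/" $2]++ }               # "-A INPUT ..." is a rule
        END        { for (k in drop) if (!(k in rules)) print k }
    ' | sort
}

# Constructed sample: the state left behind when a new script sets up INPUT
# and FORWARD but never touches OUTPUT, whose old DROP policy stays in effect.
sample_ruleset() {
    cat <<'EOF'
# constructed sample, iptables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_stranded_drop_chains
```

On a live system the same function can be fed with `iptables-save | find_stranded_drop_chains` after a firewall script has run.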