[Shorewall-newbies] First line "ACCEPT from anywhere to anywhere" OK?

Tom Eastep teastep at shorewall.net
Mon Jan 19 07:39:12 PST 2004

On Sunday 18 January 2004 10:11 pm, Greg Bell wrote:
> Hi Newbie-question-answerers,
> I followed the 2-interface quickstart (I have a linux box with two NICs,
> one's connected to a DSL modem, the other to my home network).
> After shorewall does its thing, I did a iptables -L and noticed the first
> line of the INPUT policy is an ACCEPT from anywhere to anywhere:
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> DROP      !icmp --  anywhere             anywhere           state INVALID
> ppp0_in    all  --  anywhere             anywhere
> eth1_in    all  --  anywhere             anywhere
> common     all  --  anywhere             anywhere
> LOG        all  --  anywhere             anywhere           LOG level info
> prefix `Shorewall:INPUT:REJECT:'
> reject     all  --  anywhere             anywhere

Now type "shorewall show INPUT" to see what the chain really looks like. 

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list