Simple Firewall Policies

Now you're ready to get down to specifying what you want to filter. There are a few things to keep in mind. While you are making changes to rules, you can change /proc/sys/net/ipv4/ip_forward from 1 to 0 to turn off forwarding. This prevents packets from slipping through while the rule set is in a half-edited state. It is also the first place to look if nothing is passing through your firewall when you expect it to.

If you change all the built-in chain policies to DROP or REJECT, make sure that you do not specify rules that require lookups: with a default-deny policy in place, the DNS query needed to resolve a hostname may itself be blocked, and the rule will fail to load. Use IP addresses, not hostnames.

Keep in mind, also, that rules are matched in order. The first matching rule whose target terminates processing (such as ACCEPT, DROP, or REJECT) ends traversal of that chain, and later rules are never consulted for that packet, so be careful about which rules come first. ...
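The two points above, first-match ordering and the need for IP literals under a default-deny policy, are easy to see in a small model of chain traversal. The following is an added example, not code from the book: it simulates a single chain with a default policy, treats ACCEPT/DROP/REJECT as terminating targets and anything else (such as a logging target) as non-terminating, and checks a rule set for source fields that would need a DNS lookup. The rule fields, targets, networks and packets are assumed and constructed for illustration.

```python
"""Model of first-match packet-filter chain traversal (added example, not the book's code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Targets that end traversal of the chain once a rule matches (assumed set).
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Rule:
    src: str              # source address or CIDR network, e.g. "192.168.1.0/24"
    dport: Optional[int]  # destination port, or None to match any port
    target: str           # e.g. "ACCEPT", "DROP", "REJECT", or "LOG"


@dataclass
class Packet:
    src: str
    dport: int


def is_ip_literal(value: str) -> bool:
    """True if value parses as an IP address or CIDR network (no lookup needed)."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def validate_rules(rules: List[Rule]) -> List[str]:
    """Return the source fields that are hostnames, i.e. would require a DNS lookup.

    With a DROP/REJECT default policy the lookup itself may be blocked,
    so these rules should be rewritten with IP addresses before loading.
    """
    return [r.src for r in rules if not is_ip_literal(r.src)]


def evaluate(rules: List[Rule], policy: str, pkt: Packet) -> str:
    """Walk the chain in order; the first match with a terminating target decides.

    Non-terminating matches (e.g. LOG) are skipped over and traversal continues.
    If no terminating rule matches, the chain's default policy applies.
    """
    src = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if src not in ipaddress.ip_network(rule.src, strict=False):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        if rule.target in TERMINATING:
            return rule.target
        # Matched a non-terminating target: keep walking the chain.
    return policy


# Constructed sample rule sets: identical rules, different order.
LOCAL_NET = "192.168.1.0/24"
POLICY = "DROP"

# Order A: the specific ACCEPT for port 22 comes before the broad DROP.
ORDER_A = [Rule(LOCAL_NET, 22, "ACCEPT"), Rule(LOCAL_NET, None, "DROP")]
# Order B: the broad DROP comes first and shadows the ACCEPT below it.
ORDER_B = [Rule(LOCAL_NET, None, "LOG"), Rule(LOCAL_NET, None, "DROP"),
           Rule(LOCAL_NET, 22, "ACCEPT")]

# Constructed sample packets.
SSH_FROM_LAN = Packet("192.168.1.10", 22)
WEB_FROM_WAN = Packet("203.0.113.5", 80)


def demo() -> dict:
    """Evaluate the sample packets under both orderings."""
    return {
        "A_ssh": evaluate(ORDER_A, POLICY, SSH_FROM_LAN),
        "B_ssh": evaluate(ORDER_B, POLICY, SSH_FROM_LAN),
        "A_web": evaluate(ORDER_A, POLICY, WEB_FROM_WAN),
        "bad_src": validate_rules([Rule("mail.example.com", 25, "ACCEPT")]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In order A the LAN's SSH packet is accepted; in order B the same packet hits the broad DROP first and the ACCEPT is never reached, while the LOG rule ahead of it matches but does not stop traversal. The packet from outside the LAN matches nothing and falls to the DROP policy. `validate_rules` flags the hostname rule so it can be rewritten with an address before the default-deny policy is in place.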

Get Special Edition Using Linux®, Sixth Edition now with the O’Reilly learning platform.