iptables

Stuart Jansen sjansen at buscaluz.org
Thu Oct 21 08:55:24 MDT 2010


On Thu, 2010-10-21 at 08:31 -0600, Kenneth Burgener wrote:
> Is there a logical reason why not to have it this way?

The nice thing about the tests I put at the top (-i lo and -p icmp) is
that they can be decided by just looking at the packet, no need to check
the state table before deciding. (Well, as long as you ignore the fact
that Wade is rate limiting ping.)

In addition, I like to also put the -i lo test first just to make sure I
don't forget it. It's pretty important for a Linux system to be able to
talk to itself.
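
The ordering discussed in this message, written out as an added example (not rules posted by anyone in the thread): the `-i lo` and `-p icmp` tests come first because they need only the packet, and the connection-tracking match follows them. The default-drop policy, the SSH rule on tcp/22 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the filter table.
# Assumed policy (not from the thread): default-drop INPUT, SSH on tcp/22.

build_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Decided from the packet alone: no state-table lookup needed.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# Needs the state table, so it comes after the stateless tests.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections to the one assumed service.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the 1-based position, among the INPUT rules, of the first rule
# whose text contains the given fixed string.
rule_index() {
    build_rules | grep -- '^-A INPUT' | grep -nF -- "$1" | head -n 1 | cut -d: -f1
}

# Succeed only if loopback is the very first INPUT rule and the ICMP rule
# sits ahead of the state-table rule.
check_order() {
    lo=$(rule_index '-i lo')
    icmp=$(rule_index '-p icmp')
    state=$(rule_index 'ESTABLISHED')
    [ "$lo" -eq 1 ] && [ "$icmp" -lt "$state" ]
}

# To validate without loading (as root): build_rules | iptables-restore --test
check_order && echo "rule order OK" >&2
```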



More information about the PLUG mailing list