ipchains question

LS.

I'm working on an ipchains firewall on a litlle old Redhat 7.0 server.

After flushing all rules, I start out making standard strategies as
follows:

# ### Standard strategy is DENY ###
ipchains -P input DENY # No answer for invalid incoming
ipchains -P output REJECT # Error for invalid outgoing
ipchains -P forward REJECT # Error for invalid forwarding

Now the book I'm using suggests to put all kinds of rules in the file to
deny access from for example class A, B and C networks.

Why is this? (since the standard strategy is to DENY or REJECT)

imho I can just ACCEPT only those packages I would want and discard the
others, since they would be denied or rejected, am I right?

Tnx in advance for your enlightment...

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------

PapaBear wrote:
> LS.
>
> I'm working on an ipchains firewall on a litlle old Redhat 7.0 server.
>
> After flushing all rules, I start out making standard strategies as
> follows:
>
> # ### Standard strategy is DENY ###
> ipchains -P input DENY # No answer for invalid incoming
> ipchains -P output REJECT # Error for invalid outgoing
> ipchains -P forward REJECT # Error for invalid forwarding
>
> Now the book I'm using suggests to put all kinds of rules in the file to
> deny access from for example class A, B and C networks.
>
> Why is this? (since the standard strategy is to DENY or REJECT)
>
> imho I can just ACCEPT only those packages I would want and discard the
> others, since they would be denied or rejected, am I right?

.... - And, yes, it would make things lots easier if You did not
cross-post...


Anyways cheers, and read my reply in one other NG of Your choice,

Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...