[KLUG Members] ACCEPT all -- anywhere anywhere, eh?

Adam Williams members@kalamazoolinux.org
09 Jan 2003 21:42:32 -0500


>>Is the redhat firewall config tool goobered?
>Dunno, we can discuss what "goobered" means somewhere else.

A goober is a peanut.  What goobered means is open to interpretation.

>>Chain INPUT (policy ACCEPT)
>>target     prot opt source               destination         
>>RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere           
>>...
>>Chain RH-Lokkit-0-50-INPUT (1 references)
>>target     prot opt source               destination         
>>ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN 
>>ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN 
>>ACCEPT     all  --  anywhere             anywhere           
>>ACCEPT     udp  --  k2.iserv.net         anywhere           udp spt:domain 
>>ACCEPT     udp  --  everest.iserv.net    anywhere           udp spt:domain 
>>REJECT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
>>REJECT     udp  --  anywhere             anywhere           udp reject-with icmp-port-unreachable 
>>Doesn't the "ACCEPT all -- anywhere anywhere" negate all the rules below it?
>UM, it would probably obviate them, yes. I have this little munchkin on my
>shoulder (perhaps a degooberizer, or maybe a degooberator?) that tells me the
>"all" ought to be a "tcp". 

That's pretty much what I thought.

>However, I don't really like this whole setup, mostly 'cuz I prefer a policy
>of REJECT or DENY... why they don't do this isn't clear to me. The stateful
>nature of some rules is helpful, though.

It does seem an odd way to go about things.
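The two problems raised in this thread, a catch-all ACCEPT that makes every rule below it dead, and built-in chains left at policy ACCEPT, can both be checked mechanically from the text `iptables -L` prints. The script below is an added example, not code from the original post or from Red Hat's lokkit tool. It parses a constructed copy of the quoted listing (with the wrapped `flags:` continuations rejoined onto their rule lines) and reports, per chain, the first rule that matches all protocols from anywhere to anywhere with a terminating target, the rules shadowed below it, and any chain whose default policy is ACCEPT. One caveat worth knowing before acting on its output: `iptables -L` without `-v` does not print interface matches, so a rule shown as `ACCEPT all -- anywhere anywhere` may in fact be restricted to an interface such as `lo`; confirm with `iptables -L -v -n` or `iptables-save` before calling it a true catch-all.

```python
"""Flag rules shadowed by a catch-all ACCEPT and chains with an ACCEPT policy.

Added example, not from the original post. Parses the text format of
`iptables -L` (without -v, as quoted in the thread). Because -v was not used,
interface matches are invisible; treat a reported catch-all as a lead to
verify with `iptables -L -v -n`, not as proof.
"""
import re

# Constructed sample: the listing quoted in the thread, wrapped lines rejoined.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  k2.iserv.net         anywhere           udp spt:domain
ACCEPT     udp  --  everest.iserv.net    anywhere           udp spt:domain
REJECT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp reject-with icmp-port-unreachable
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
ANY = {"anywhere", "0.0.0.0/0", "::/0"}          # -L prints "anywhere"; -L -n prints the prefix
CHAIN_RE = re.compile(r"^Chain (\S+) \((policy (\S+)|\d+ references)\)$")


def parse_chains(listing):
    """Return {chain: {"policy": str|None, "rules": [(target, prot, src, dst, extra), ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        line = line.rstrip()
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(3), "rules": []}   # None for user chains
            continue
        if not line or line.startswith("target ") or current is None:
            continue
        parts = line.split(None, 5)          # target prot opt source destination [extra]
        if len(parts) < 5:
            continue
        target, prot, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) == 6 else ""
        chains[current]["rules"].append((target, prot, src, dst, extra))
    return chains


def is_catch_all(rule):
    """True if the rule terminates for every packet: any proto, any src/dst, no extra match.
    (Interface matches are not visible without -v, so this can give false positives.)"""
    target, prot, src, dst, extra = rule
    return target in TERMINATING and prot == "all" and src in ANY and dst in ANY and extra == ""


def shadowed_rules(chains):
    """Map chain -> (index of first catch-all rule, [rules below it that are never reached])."""
    result = {}
    for chain, info in chains.items():
        for i, rule in enumerate(info["rules"]):
            if is_catch_all(rule):
                result[chain] = (i, info["rules"][i + 1:])
                break
    return result


def accept_policy_chains(chains):
    """Built-in chains whose default policy is ACCEPT (i.e. no default deny)."""
    return sorted(c for c, info in chains.items() if info["policy"] == "ACCEPT")


if __name__ == "__main__":
    chains = parse_chains(SAMPLE)
    for chain, (idx, dead) in shadowed_rules(chains).items():
        print(f"{chain}: rule {idx + 1} is a catch-all; {len(dead)} rule(s) below it are dead:")
        for r in dead:
            print("   ", " ".join(x for x in r if x))
    for chain in accept_policy_chains(chains):
        print(f"{chain}: default policy is ACCEPT; anything not matched is let through")
```

Run against the quoted listing it reports rule 3 of `RH-Lokkit-0-50-INPUT` as the catch-all, the two DNS ACCEPTs and both REJECTs as dead, and `INPUT` as having an ACCEPT policy. Since the REJECT rules were the only thing standing in for a default deny, a genuine catch-all ACCEPT at that position leaves the host open on every port, which is exactly the thread's concern; if the rule turns out to carry `-i lo`, the listing was merely misleading.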