Set Default iptables Policy for Incoming Packets

Docs > Plateforme de sécurité Datadog > OOTB Rules > Set Default iptables Policy for Incoming Packets

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following line in /etc/iptables/rules.v4:

:INPUT DROP [0:0]

Rationale

In iptables the default policy is applied only after all the applicable rules in the table are examined for a match. Setting the default policy to DROP implements proper design for a firewall, i.e. any packets which are not explicitly permitted should not be accepted.

Warning

Automated remediation for this rule is disabled. Changing firewall settings while connected over network can result in being locked out of the system.