What is the meaning of "policy ACCEPT" and "policy DROP" in iptables?

When running service iptables status on 2 CentOS servers,

  • one server has policy ACCEPT in Chain INPUT, Chain FORWARD, and Chain OUTPUT
  • another server has policy DROP in Chain INPUT and Chain FORWARD; while policy ACCEPT in Chain OUTPUT

What is the meaning of policy ACCEPT and policy DROP?

...and how to change from policy ACCEPT to policy DROP and from policy DROP to policy ACCEPT?


Accept means that the default policy for that chain, if there are no matching rules, is to allow the traffic.

Drop does the opposite.

The following rule will change the policy for inbound traffic to drop:

iptables --policy INPUT DROP

The manpage for iptables should be able to give you the rest of the info you would need to make other policy changes as necessary.


The policy defines the target for packets that get to the end of the chain.
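
As an added illustration (not part of either answer above), the script below walks a constructed iptables-save style ruleset and shows when a packet is decided by a rule and when it falls through to the chain policy. The ruleset, the function names policy_of and verdict_for_new_tcp, and the simplified matching are assumptions made for this example.

```sh
#!/bin/sh
# Constructed iptables-save style ruleset (not taken from either server in the question).
RULES_DROP=':INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Same rules, but with the INPUT policy switched to ACCEPT.
RULES_ACCEPT=$(printf '%s\n' "$RULES_DROP" | sed 's/^:INPUT DROP/:INPUT ACCEPT/')

# Print the default policy of chain $1 (iptables-save text on stdin).
policy_of() {
    awk -v chain="$1" '$1 == (":" chain) { print $2 }'
}

# Verdict for a NEW inbound TCP connection to port $2 traversing chain $1.
# Simplified model (assumption): only rules built from -p tcp / --dport, or
# with no match at all, are evaluated; rules with other matches are skipped.
verdict_for_new_tcp() {
    awk -v chain="$1" -v port="$2" '
        $1 == (":" chain) { policy = $2 }
        $1 == "-A" && $2 == chain && verdict == "" {
            dport = ""; other = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                else if ($i == "--dport") { dport = $(++i) }
                else if (($i == "-p" || $i == "-m") && $(i + 1) == "tcp") { i++ }
                else { other = 1 }
            }
            if (!other && (dport == "" || dport == port) &&
                target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        # No rule matched: the packet reached the end of the chain.
        END { print (verdict != "" ? verdict : policy " (policy)") }
    '
}

echo "INPUT policy:               $(printf '%s\n' "$RULES_DROP" | policy_of INPUT)"
echo "tcp/22, policy DROP:        $(printf '%s\n' "$RULES_DROP" | verdict_for_new_tcp INPUT 22)"
echo "tcp/80, policy DROP:        $(printf '%s\n' "$RULES_DROP" | verdict_for_new_tcp INPUT 80)"
echo "tcp/80, policy ACCEPT:      $(printf '%s\n' "$RULES_ACCEPT" | verdict_for_new_tcp INPUT 80)"
```

The reverse of the command in the first answer is iptables --policy INPUT ACCEPT. Before switching a remote host to DROP, the rules that accept your own session (port 22 in this sample) need to be in the chain already, because everything else will then reach the policy.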