What the meaning of "policy ACCEPT" and "policy DROP" in iptables?

security iptables

When running service iptables status on 2 CentOS server,

  • one server has policy ACCEPT in Chain INPUT, Chain FORWARD, and Chain OUTPUT
  • another server has policy DROP in Chain INPUT and Chain FORWARD; while policy ACCEPT in Chain OUTPUT

What the meaning of policy ACCEPT and policy DROP?

...and how to change from policy ACCEPT to policy DROP and from policy DROP to policy ACCEPT?


Accept means that the default policy for that chain, if there are no matching rules, is to allow the traffic.

Drop does the opposite.

The following rule will chance the policy for inbound traffic to drop

iptables --policy INPUT DROP

the manpage for iptables should be able to give you the rest of the info you would need to make other policy changes as necessary.


The policy defines the target for packets that get to the end of the chain.

Related

How to stream live video from a linux server?
Vagrant set default share permissions
Differences between bridged and NAT networking
Is data always encrypted in IPv6 communications?
How to stop ping output? [closed]
SSL & Ngnix: no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking
Can postfix be set up to forward mail to multiple recipients
Automatically start SMTP server in IIS?
Why is RAID 0 classed as RAID when it's not redundant?
Do I still need a backup if I have a redudant storage system with rollback capabilities?
Get a history of CPU/memory usage
Windows Task Scheduler does not start task at next run time