What is the meaning of "policy ACCEPT" and "policy DROP" in iptables?

When running service iptables status on 2 CentOS servers,

- one server has "policy ACCEPT" in Chain INPUT, Chain FORWARD, and Chain OUTPUT
- another server has "policy DROP" in Chain INPUT and Chain FORWARD, while "policy ACCEPT" in Chain OUTPUT

What is the meaning of "policy ACCEPT" and "policy DROP"?

...and how to change from "policy ACCEPT" to "policy DROP" and from "policy DROP" to "policy ACCEPT"?
Accept means that the default policy for that chain, if there are no matching rules, is to allow the traffic.
Drop does the opposite.
The following rule will change the policy for inbound traffic to DROP:

iptables --policy INPUT DROP

The manpage for iptables should be able to give you the rest of the info you would need to make other policy changes as necessary.
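As an added example (not part of the answer above), this script applies the policy change in an order that does not cut off the SSH session you are working from, reverts it, and parses the "Chain INPUT (policy DROP)" header lines that iptables -L prints; SSH_PORT and the DRY_RUN switch are assumptions of this script, not iptables options.

```shell
#!/bin/sh
# Added example: switch the default policy of the built-in filter chains to
# DROP without locking yourself out, and switch it back to ACCEPT.
# DRY_RUN=1 only prints the iptables commands instead of executing them.
# SSH_PORT is an assumption; set it to the port your sshd listens on.
SSH_PORT="${SSH_PORT:-22}"

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Order matters: the ACCEPT rules must exist before the policy becomes DROP,
# otherwise your own SSH session is dropped the moment -P INPUT DROP runs.
set_default_drop_policy() {
    run -A INPUT -i lo -j ACCEPT                                 # loopback
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  # replies
    run -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT            # remote admin
    run -P INPUT DROP      # same as: iptables --policy INPUT DROP
    run -P FORWARD DROP    # this host does not route for others
    run -P OUTPUT ACCEPT   # outbound stays open, as on both servers above
}

# Going back to ACCEPT is safe in any order; it can never lock you out.
set_default_accept_policy() {
    run -P INPUT ACCEPT
    run -P FORWARD ACCEPT
    run -P OUTPUT ACCEPT
}

# Reads "iptables -L -n" output on stdin and prints "CHAIN POLICY" per
# built-in chain, e.g. "INPUT DROP"; user-defined chains have no policy
# line and are skipped.
parse_policies() {
    sed -n 's/^Chain \([A-Z]*\) (policy \([A-Z]*\)).*/\1 \2/p'
}

case "${1:-}" in
    drop)   set_default_drop_policy ;;
    accept) set_default_accept_policy ;;
    show)   iptables -L -n | parse_policies ;;
esac
```

Run it as root with drop, accept or show; on CentOS the change is gone after a reboot unless you also run service iptables save.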
The policy defines the target for packets that get to the end of the chain.