:An example would be to set a default policy for incoming network traffic (INPUT chain) to DROP everything, and then set an exception certain exceptions (like ssh connections). Note the following table below for policy setting examples.<br><br>'''Policy Setting Examples:'''<br><table width="100%" cellpadding="10" cellspacing="0" border="1"><tr><td width="30%">'''iptables -P INPUT DROP'''</td><td>Drops all incoming packets regardless of protocol (eg. tcp, udp, icmp), port numbers (eg. 22, 80) or source or destination IP Addresses. Setting a default rule to DROP all incoming traffic would make it easier to specify a few exceptions.</td></tr><tr><td>'''iptables -P INPUT ACCEPT'''</td><td>Accepts all incoming packets regardless of protocol (eg. tcp, udp, icmp), port numbers (eg. 22, 80) or source or destination IP Addresses. It would seem that setting a default rule to ACCEPT all incoming traffic would require A LOT of exceptions to help "lock-down" the server for protection! It really depends on the server set-up and what the Linux system administrator wants to accomplish.</td></tr></table><br><br>

# Issue the iptables command verify the INPUT policy has been set(look for the Policy section, NOT INPUT).<br><br>After the overall default policy is set, then you can create policy rules that are "exceptions" to the default policy rules. These iptables commands are more complex since you need to determine: <ul><li>Where each rules appears in the chain (order can be important)</li><li>Which protocol(s) are affected (eg. tcp, udp, icmp)</li><li>What source or destination IP Addresses are affected?</li><li>What port numbers are affected?</li><li>What action to take if all of the above conditions are met? (eg. ACCEPT, REJECT, DROP, or LOG)</li></ul><br>