googlemike@hotpop.com wrote in news:1122173785.227534.107190
@g47g2000cwa.googlegroups.com:
> From home, I use vpnc on Ubuntu 5.04 to get to my office VPN which is
> the typical Cisco variety on IPSEC and RSA SecurID. I currently have my
> workstation behind another NAT router/firewall.
>
> If I put myself with no local firewall, I get through just fine on VPN
> and a ShieldsUp check shows that I've got no open ports. So that's all
> well and fine.
>
> However, if I improve things a bit and put myself through an
> INPUT-based, limited, local firewall like:
>
> Chain INPUT (policy ACCEPT)
<SNIP>
> Chain FORWARD (policy ACCEPT)
<SNIP>
> Chain OUTPUT (policy ACCEPT)
<SNIP>
Just wanted to comment on your configuration.
The usual procedure is to make the default policy for each chain either
DROP or REJECT, depending on your taste. You then pinhole only
what you want to go through. The INPUT and OUTPUT chains are for things
going to/from your PC. The FORWARD chain is used only where your PC is
acting as a gateway or router for other devices or networks. In the case
of a single PC connecting to the Internet, the FORWARD chain is not used.
Klazmon.
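The default-deny layout Klazmon describes, written out as a complete ruleset for a single workstation running the vpnc IPsec client. This is an added example and not code from the thread or from vpnc: it assumes eth0 is the Internet-facing interface, tun0 is the interface vpnc creates, `VPN_GW` is a placeholder for the office concentrator's address, and the classic `-m state` match that Ubuntu 5.04's iptables shipped with. Every chain's policy is DROP, FORWARD gets no rules at all because the host is not a router, and only IKE (UDP 500), NAT-T (UDP 4500) and ESP to the concentrator are pinholed for the VPN. Setting `IPT=echo` prints the rules instead of applying them, so the script can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original thread: default-deny iptables policy
# for a single PC that runs vpnc. Assumptions: eth0 = Internet interface,
# tun0 = vpnc tunnel, VPN_GW = placeholder for the Cisco concentrator.
# Run "sh fw.sh apply" to load, "sh fw.sh dry-run" to print the rules.

IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
VPN_GW="${VPN_GW:-192.0.2.10}"   # placeholder (TEST-NET-1), replace with the real address

apply_rules() {
    # Start from a clean slate.
    $IPT -F
    $IPT -X

    # Default-deny on every chain; only the pinholes below let traffic through.
    # FORWARD is only relevant on a gateway, so it stays DROP with no rules.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback is needed by almost everything local.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to connections this host opened, and nothing that is not part
    # of a known connection.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -m state --state INVALID -j DROP

    # Pinholes for the IPsec client, restricted to the concentrator address:
    # IKE on UDP 500, NAT-T on UDP 4500 (what vpnc uses behind a NAT router),
    # and raw ESP for the case where there is no NAT in the path.
    $IPT -A OUTPUT -o "$WAN_IF" -p udp -d "$VPN_GW" --dport 500  -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p udp -d "$VPN_GW" --dport 4500 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p esp -d "$VPN_GW" -j ACCEPT
    $IPT -A INPUT  -i "$WAN_IF" -p esp -s "$VPN_GW" -j ACCEPT

    # Ordinary outbound use: DNS (also needed to resolve the concentrator name)
    # and web. Add further outbound pinholes here rather than opening OUTPUT.
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # Anything going into the tunnel is allowed out; replies return via state.
    $IPT -A OUTPUT -o "$VPN_IF" -j ACCEPT

    # Log (rate-limited) what the INPUT policy is about to drop.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP-IN: "
}

# Nothing is applied unless explicitly asked for.
case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPT=echo; apply_rules ;;
esac
```

Because the OUTPUT policy is DROP as well, anything the workstation legitimately needs (NTP, mail, a package mirror) must get its own outbound pinhole; the dry-run output is the quickest way to confirm the three `-P ... DROP` lines and the VPN pinholes are present before loading the rules for real.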