#1 psad install suggests rule that fails

open
nobody
5
2015-04-16
2003-08-26
JLS
No

I installed psad on a Red Hat 7.2 system, and it sends me this email. The second suggested email stops masquerading from my internal network.

Thanks,

** The INPUT chain in the iptables ruleset on bigdog.jlsworld.com does not
include default rules that will log and drop unwanted packets. You need
to include two default rules; one that logs packets that have not been
accepted by previous rules (this rule should have a logging prefix of
"DROP"), and a final rule that drops any unwanted packets.

FOR EXAMPLE: Assuming you have already setup iptables rules to accept
traffic you want to accept, you can probably execute the following two
commands to have iptables log and drop unwanted packets in the INPUT
chain by default.

iptables -A INPUT -j LOG --log-prefix " DROP"
iptables -A INPUT -j DROP

** Psad will not detect in the iptables INPUT chain scans without an
iptables ruleset that includes rules similar to the two rules above.

** The FORWARD chain in the iptables ruleset on bigdog.jlsworld.com does
not include default rules that will log and drop unwanted packets. You
need to include two default rules; one that logs packets that have not
been accepted by previous rules (this rule should have a logging prefix
of "DROP"), and a final rule that drops any unwanted packets.

FOR EXAMPLE: Assuming you have already setup iptables rules to accept
traffic you want to accept, you can probably execute the following two
commands to have iptables log and drop unwanted packets in the FORWARD
chain by default.

iptables -A FORWARD -j LOG --log-prefix " DROP"
iptables -A FORWARD -j DROP

** Psad will not detect in the iptables FORWARD chain scans without an
iptables ruleset that includes rules similar to the two rules above.

.. NOTE: IPTables::Parse does not yet parse user defined chains and so it
is possible your firewall config is compatible with psad anyway.
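
A catch-all DROP appended to a chain that has no ACCEPT rules drops every packet that traverses it, so it is worth checking a chain before running the two suggested commands. The following is an added example, not part of psad or of the original report: the function names `chain_status` and `sample_ruleset` are hypothetical, and the ruleset is constructed sample data in `iptables-save` format.

```shell
#!/bin/sh
# Added example, not part of psad. Function names are hypothetical.

# Classify one filter-table chain from iptables-save text on stdin.
chain_status() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }        # "*filter", "*nat", ...
        table == "filter" && $1 == "-A" && $2 == chain {
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j") { target = $(i + 1); break }
            if (target == "ACCEPT") accepts++
            # Any other non-terminal target is a jump to a user-defined chain,
            # which may accept traffic on behalf of this chain.
            else if (target != "" && target !~ /^(DROP|REJECT|LOG|RETURN)$/) jumps++
            prev = last; last = target
        }
        END {
            if (prev == "LOG" && last == "DROP") print "log-and-drop-present"
            else if (accepts > 0) print "has-accept-rules"
            else if (jumps > 0)   print "check-user-chains"
            else                  print "no-accept-rules"   # appended DROP would drop everything
        }'
}

# Constructed sample: FORWARD relies on its ACCEPT policy and has no rules.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix " DROP"
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

for c in INPUT FORWARD OUTPUT; do
    printf '%s: %s\n' "$c" "$(sample_ruleset | chain_status "$c")"
done
```

On a live system the input would come from `iptables-save` instead of the sample function.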
