Modifying the default iptables policy section

markofu · markofu · commit a0d916eb5ab8 · 2012-10-24T16:57:48.000+01:00
diff --git a/draft/tutorial/configure-linux-iptables-firewall.txt b/draft/tutorial/configure-linux-iptables-firewall.txt
@@ -10,19 +10,6 @@ Input: filters traffic destined for the firewall
 
 Output: filters traffic from the firewall
 
-By default, ``iptables`` allows all connections so it's a good idea
-to change the default chain policy to DROP:
-
-.. code-block:: sh
-
-   iptables -P INPUT DROP
-
-   iptables -P OUTPUT DROP
-
-This ensures that any traffic to/from the :program:`mongod` server has
-to be explicitly allowed. Be careful when executing these commands that 
-you do not lose access to the server.
-
 Traffic to/from a Standalone MongoDB Instance or Replica-Set
 MongoDB Instance (mongod)
 
@@ -103,6 +90,25 @@ In a sharded infrastructure, the :program:`mongos` router needs
 to connect to :program:`mongod` shard servers and the shard servers
 need to connect and communicate amongst themselves.
 
+
+Default Policy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, ``iptables`` allows all connections so it's a good idea
+to change the default chain policy to DROP:
+
+.. code-block:: sh
+
+   iptables -P INPUT DROP
+
+   iptables -P OUTPUT DROP
+
+
+This ensures that any traffic to/from the :program:`mongod` server has
+to be explicitly allowed. Be careful when executing these commands that 
+you do not lose access to the server, i.e. ensure you do this on a 
+console connection or already have remote-access iptables rules.
+
 Back-Out & Flush iptables rules
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
