When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?
A. All traffic to localhost must always be allowed
B. It doesn't matter; netfilter never affects packets addressed to localhost
C. Some applications use the localhost interface to communicate with other applications
D. syslogd receives messages on localhost
E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules
題解
答案是選項「C」。這幾乎是必須要進行的設定,如果不這樣做的話,系統在運行時會發生很多問題。