Hi - Have just been asked to look after several Linux webservers. One has firewall rules:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG

Then follow a whole bunch of rules which I can follow, but what bothers me is the first ACCEPT all - surely this just opens the firewall to anything and the packets never get to the rules below, or am I missing something fundamental?

The other server has a default INPUT of accept

Chain INPUT (policy ACCEPT)
target prot opt source destination
acctboth all -- anywhere anywhere
DROP all -- 192.192.116.95 anywhere
and a few other drops from specific IPs

Chain acctboth (2 references)
target prot opt source destination
tcp -- astro.somewhere.com anywhere tcp dpt:http
tcp -- anywhere astro.somewhere.com tcp spt:http
tcp -- astro.somewhere.com anywhere tcp dpt:smtp
tcp -- anywhere astro.somewhere.com tcp spt:smtp
tcp -- astro.somewhere.com anywhere tcp dpt:pop3
tcp -- anywhere astro.somewhere.com tcp spt:pop3
icmp -- astro.somewhere.com anywhere
icmp -- anywhere astro.somewhere.com
tcp -- astro.somewhere.com anywhere
tcp -- anywhere astro.somewhere.com
udp -- astro.somewhere.com anywhere
udp -- anywhere astro.somewhere.com
all -- astro.somewhere.com anywhere
all -- anywhere astro.somewhere.com
then repeats for other domains.

Again I don't see this as excluding anything.
Please comment on the two sets of rules.
Regards
brian
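
The following is an added example, not part of the original post: a simplified first-match model of chain traversal applied to the two rule sets above. The interface name `eth0`, the source address `203.0.113.7`, the idea that rule 1 might be bound to `lo` (plain `iptables -L` omits the interface columns that `iptables -L -v` prints), and the exact-match treatment of TCP flags are all assumptions made for illustration.

```python
# Simplified first-match model of iptables chain traversal (added example).
# Rules are dicts: "target" plus match fields; a missing field matches anything.
# "flags": "NONE" stands in for the FIN,SYN,RST,PSH,ACK,URG/NONE rule.
TERMINAL = {"ACCEPT", "DROP"}

def matches(rule, pkt):
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def evaluate(chains, name, pkt, policy=None):
    """Verdict for pkt in chain `name`; None means a user chain fell through."""
    for rule in chains[name]:
        if not matches(rule, pkt):
            continue
        target = rule.get("target")
        if target in TERMINAL:
            return target                      # first terminal match wins
        if target in chains:                   # jump to a user-defined chain
            verdict = evaluate(chains, target, pkt)
            if verdict:
                return verdict
        # no target: counters only, traversal continues with the next rule
    return policy

# Constructed packet: TCP with no flags set, arriving on a non-loopback interface.
NULL_SCAN = {"proto": "tcp", "flags": "NONE", "in_iface": "eth0", "src": "203.0.113.7"}

# Server 1 exactly as `iptables -L` prints it: rule 1 has no visible condition.
server1_as_listed = {"INPUT": [
    {"target": "ACCEPT"},
    {"target": "DROP", "proto": "tcp", "flags": "NONE"},
]}
# Assumption: the same rule, if `iptables -L -v` showed it bound to loopback.
server1_if_loopback = {"INPUT": [
    {"target": "ACCEPT", "in_iface": "lo"},
    {"target": "DROP", "proto": "tcp", "flags": "NONE"},
]}
# Server 2: acctboth rules have no target; the DROP by source follows the jump.
server2 = {
    "INPUT": [{"target": "acctboth"}, {"target": "DROP", "src": "192.192.116.95"}],
    "acctboth": [{"proto": "tcp", "dport": "http"}, {"proto": "tcp"}, {}],
}

def verdicts():
    blocked = dict(NULL_SCAN, src="192.192.116.95")
    return {
        "s1_listed": evaluate(server1_as_listed, "INPUT", NULL_SCAN, "DROP"),
        "s1_loopback": evaluate(server1_if_loopback, "INPUT", NULL_SCAN, "DROP"),
        "s2_other": evaluate(server2, "INPUT", NULL_SCAN, "ACCEPT"),
        "s2_blocked": evaluate(server2, "INPUT", blocked, "ACCEPT"),
    }
```

Whether the first model or the second describes the real server can be read from the `in` column of `iptables -L INPUT -v -n --line-numbers`.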