Re: Linux Is A Bore
From: name (user_at_host.domain)
Date: Tue, 19 Oct 2004 01:46:05 -0000
On 2004-10-18, Dan Kumen <email@example.com> wrote:
> In article <firstname.lastname@example.org>
> Michael Heiming <michael+USENET@www.heiming.de> wrote:
>> In comp.os.linux.misc Dan Kumen <email@example.com>:
>> > versions, etc.; but with linux, Guarddog was installed, and I
>> What's that, never heard?
> It's a firewall, nice gui interface. Are you going to tell me I
> don't need that either!?
How are you connected to outside?

If you have an internal LAN, which has a gateway through a router, you're
not likely to get any outside intrusion, especially if the router does
Network Address Translation (NATing router...). The likelihood of things
getting out is probably greater than the outside getting in. Iptables

If you are connected directly to the router, whether or not there is a
difference depends on your setup.

If you are connected via a bridge, rather than a router, there is no
protection from the outside if you are connected 1) via a static IP, or 2)
are connected for an extended time via a dynamic IP.

Modem, same thing, depending on whether you are connected long enough to get
spotted. And that can happen almost instantly at times.

In any of the latter cases, iptables is the way to go. It's basically a
packet filter that is highly configurable. The syntax is pretty
straightforward, and if you go about it systematically, you can configure it
to protect your box quite well.

There are those who will tell you that you don't need a firewall if you keep
all your ports closed. If you keep all your ports closed, then why are you
connected in the first place! Fact is that we have to have some ports open
just to communicate.

The issue is what those ports will and will not accept, which is established
by inspecting the incoming packets and having iptables decide whether or not
they should be accepted. There's a lot more to it than that, but that's the
basics. Simply, you do not want to accept packets that are not an
appropriate response to stuff you send out.

Incidentally, note also that this has nothing to do with the loopback
network, unless you are stupid enough to make it available externally.

>> > installed f-prot, and at this point, I have nothing to do.
>> Having used some sort of this on a linux MTA with a bunch of M$
>> clients behind ages ago. If you run Linux only, you don't need
> OK, but I better learn how to play some of the games that came
> with the OS.
Or if you really get bored, write your own! lol!!
-- Email is wtallman at olypen dot com
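The stateful policy the post describes (keep loopback internal, accept only replies to traffic the box itself started, drop everything else and log the drops) as an added example in iptables-restore form; this is not code from the original post, and the exposed-port list ALLOWED_TCP is an assumption.

```shell
#!/bin/sh
# Host firewall for a box that sits directly on the wire (the bridge,
# static-IP or modem cases above). Policy: drop inbound traffic unless it
# is loopback, a reply to a connection we opened, or a service we expose.
set -eu

# Assumption: ssh is the only service deliberately reachable from outside.
ALLOWED_TCP="${ALLOWED_TCP:-22}"

# Emit the ruleset in iptables-restore format so it is loaded atomically.
ruleset() {
    printf '%s\n' '*filter'
    # Default policies: nothing gets in or through unless a rule accepts it.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback stays internal; never accept loopback addresses from the wire.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP'
    # The core of the advice: accept only packets that are a valid reply to
    # (or related to) a connection this host opened; drop malformed state.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Services that are intentionally reachable, as new connections only.
    for port in $ALLOWED_TCP; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate-limited) what the default policy is about to drop, so
    # probes show up in syslog instead of vanishing silently.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
    printf '%s\n' 'COMMIT'
}

# Apply only when run as root with an explicit "apply" argument;
# otherwise just print the ruleset for review.
if [ "${1:-}" = "apply" ]; then
    ruleset | iptables-restore
else
    ruleset
fi
```

Review the printed output first, then run it as root with `apply`; the LOG line is what you watch in syslog to see what the filter is rejecting.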