Is my computer safe enough if I use just iptables?

Harry Hoffman hhoffman at ip-solutions.net
Fri Oct 15 13:29:58 UTC 2004


Simply put, *NO*, you are not safe enough. At the very least I would run a 
personal proxy (such as privoxy).

A bit more paranoid... Turn off java and javascript. Prompt for all 
cookies and then only allow them to be session cookies.

Even more paranoid... Set up your iptables to DROP by default INPUT and 
OUTPUT. Log the OUTPUT attempts and decide what should be passed (That 
way any "funny business" is less likely to happen).

This won't make you "totally" secure but you'll be a few steps ahead of 
most curves.

HTH,
Harry

> On Fri, 2004-10-15 at 07:32, VJ wrote:
> 
>>Hi,
>>  I have firewall script using iptables which runs from
>>/etc/rc.d/rc.local. This script does nothing except allowing just http,
>>smtp for outer world (inbound). All types of connections are allowed from
>>the machine to the outer world (outbound). I have not set anything else
>>like in hosts.deny/hosts.allow or sshd.conf.
>>  My question is, according to your knowledge, is my computer safe enough?
>>Till now I have not suffered from any problem, but this cannot go on
>>for-ever.
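
The default-DROP setup with OUTPUT logging described in the reply above, as an added example that is not part of the original post: a ruleset in iptables-restore format plus a summary of the logged OUTPUT attempts, so that what to pass can be decided from the log. The log prefix, the function names and the sample log lines are constructed; dropping FORWARD assumes the host is not a router.

```shell
# Added example; prefix, names and sample data are constructed assumptions.
LOG_PREFIX="OUT-DROP: "

# Ruleset: INPUT and OUTPUT drop by default; inbound smtp/http as in the
# quoted setup; unmatched OUTPUT is logged (rate-limited), then hits the policy.
emit_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,80 -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "${LOG_PREFIX}"
COMMIT
EOF
}

# Constructed kernel log lines in the LOG target's format.
sample_log() {
cat <<'EOF'
Oct 15 13:40:01 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=443 SYN
Oct 15 13:40:04 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=443 SYN
Oct 15 13:40:10 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=443 SYN
Oct 15 13:41:00 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.53 LEN=71 TTL=64 PROTO=UDP SPT=33000 DPT=53
Oct 15 13:41:30 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Oct 15 13:42:00 host sshd[812]: unrelated line that must be ignored
EOF
}

# Count logged OUTPUT attempts per protocol, destination and port ("-" if none).
summarize_out_drops() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            proto = dst = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            seen[proto " " dst " " dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}
sample_log | summarize_out_drops
```

As root, `emit_ruleset | iptables-restore --test` parses the ruleset without committing it.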



