Is my computer safe enough if I use just iptables?

VJ vj at vijaygill.homelinux.net
Fri Oct 15 13:43:40 UTC 2004


Harry,
   Thanks a lot for your reply. I am using DROP policy by default, and
just open the required holes in the firewall (HTTP and SMTP only). This PC
is not used for browsing at all. It is just a firewall + samba server +
http server + smtp server + ftp server + MythTV recording +
playing (both backend + frontend) + more little jobs.
   I do use DROP but I do not log REJECT. Should I do that?

Regards from
VJ

On Fri, October 15, 2004 2:29 pm, Harry Hoffman said:
> Simply put *NO* you are not safe enough. At the very least I would run a
> personal proxy (such as privoxy).
>
> A bit more paranoid... Turn off java and javascript. Prompt for all
> cookies and then only allow them to be session cookies.
>
> Even more paranoid... Set up your iptables to DROP by default INPUT and
> OUTPUT. Log the OUTPUT attempts and decide what should be passed (That
> way any "funny business" is less likely to happen).
>
> This won't make you "totally" secure but you'll be a few steps ahead of
> most curves.
>
> HTH,
> Harry
>
>> On Fri, 2004-10-15 at 07:32, VJ wrote:
>>
>>>Hi,
>>>  I have a firewall script using iptables which runs from
>>>/etc/rc.d/rc.local. This script does nothing except allowing just http,
>>>smtp for the outer world (inbound). All types of connections are allowed from
>>>the machine to the outer world (outbound). I have not set anything else
>>>like in hosts.deny/hosts.allow or sshd.conf.
>>>  My question is, according to your knowledge, is my computer safe
>>> enough?
>>>Till now I have not suffered from any problem, but this cannot go on
>>>forever.
>
>
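
Added example, not part of the original thread: one way to write the default-DROP INPUT and OUTPUT policy with logging that Harry describes, as a shell function that prints an iptables-restore ruleset opening only the inbound HTTP and SMTP ports VJ mentions. The function name gen_rules, the log prefixes, the rate limit and the FORWARD policy are assumptions; nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, it does not load it.
# To syntax-check as root:  gen_rules "80 25" | iptables-restore --test

# gen_rules PORTS: PORTS is a space-separated list of inbound TCP ports.
gen_rules() {
    ports=$1
    # Accept only plain port numbers 1-65535 (no leading zero, max 5 digits).
    for p in $ports; do
        case $p in
            ''|*[!0-9]*|0*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    # Assumption: routing/NAT is out of scope here, so FORWARD is closed too.
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback, plus packets belonging to connections already accepted.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The only new inbound connections allowed: the listed service ports.
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log whatever is about to fall through to the DROP policy (rate-limited).
    # New outbound traffic (DNS, outgoing mail, ...) shows up as OUT-DROP
    # until an explicit OUTPUT rule is added for it above these lines.
    echo '-A INPUT -m limit --limit 6/min -j LOG --log-prefix "IN-DROP: "'
    echo '-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "OUT-DROP: "'
    echo 'COMMIT'
}
```

The OUT-DROP lines in the kernel log are the list of outbound connections to review before adding matching OUTPUT ACCEPT rules.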



