Is my computer safe enough if I use just iptables?

Bruno Wolff III bruno at wolff.to
Tue Oct 19 05:08:44 UTC 2004


On Fri, Oct 15, 2004 at 09:52:12 -0400,
  Leonard Isham <leonard.isham at gmail.com> wrote:
> On Fri, 15 Oct 2004 14:43:40 +0100 (IST), VJ <vj at vijaygill.homelinux.net> wrote:
> > Harry,
> >   Thanks a lot for your reply. I am using DROP policy by default, and
> > just open the required holes in firewall (HTTP and SMTP only). This PC
> > is not used for browsing at all. It is just a firewall + samba server +
> > http server + smtp server + ftp server + MythTV recording +
> > playing(both backend + frontend) + more little jobs.
> >   I do use DROP but I do not log REJECT. Should I do that?
> 
> Keep using drop.  reject provides additional information to an attacker.

You probably should use reject for ident requests as otherwise transferring
email to some sites may be delayed while an ident request times out.
The extra information afforded by reject isn't that big of a deal.
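
The ident advice above as a ruleset, added here as an example and not part of the original message or thread: default DROP, HTTP and SMTP open as VJ describes, and ident (TCP port 113) answered with a TCP reset. The function names and argument layout are assumptions; the script only prints `iptables-restore` input and applies nothing.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset on stdout (nothing is applied).
# Assumption: valid_port/emit_ruleset and the port lists are illustrative names.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset "ACCEPT_PORTS" "REJECT_PORTS"
# Each argument is a space-separated list of TCP ports.
emit_ruleset() {
    # Validate everything first so a bad port never yields a partial ruleset.
    for p in $1 $2; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default policy stays DROP
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $2; do
        # Reply with a TCP RST so the remote mail server's ident lookup fails
        # at once instead of waiting for its connection attempt to time out.
        echo "-A INPUT -p tcp --dport $p -j REJECT --reject-with tcp-reset"
    done
    echo 'COMMIT'
}

# HTTP (80) and SMTP (25) open as in the thread; ident (113) rejected.
emit_ruleset "80 25" "113"
```

Review the printed rules, then load them as root by piping the output to `iptables-restore`.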



