
Re: Is my computer safe enough if I use just iptables?



On Fri, Oct 15, 2004 at 09:52:12 -0400,
  Leonard Isham <leonard isham gmail com> wrote:
> On Fri, 15 Oct 2004 14:43:40 +0100 (IST), VJ <vj vijaygill homelinux net> wrote:
> > Harry,
> >   Thanks a lot for your reply. I am using DROP policy by default, and
> > just open the required holes in firewall (HTTP and SMTP only). This PC
> > is not used for browsing at all. It is just a firewall + samba server +
> > http server + smtp server + ftp server + MythTV recording +
> > playing(both backend + frontend) + more little jobs.
> >   I do use DROP but I do not log REJECT. Should I do that?
> 
> Keep using drop.  reject provides additional information to an attacker.

You probably should use reject for ident requests as otherwise transferring
email to some sites may be delayed while an ident request times out.
The extra information afforded by reject isn't that big of a deal.
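
The setup discussed in this thread (default DROP, with REJECT only for ident on tcp/113), as an added example that is not part of the original messages. The ruleset is constructed, the HTTP and SMTP ports are the ones the poster names, and the function names `emit_ruleset` and `ident_disposition` are hypothetical.

```shell
#!/bin/sh
# Constructed ruleset in iptables-restore format (not from the thread).
# 80 and 25 are the services the poster opens; 113/tcp is ident.
emit_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Report how a ruleset read from stdin treats inbound ident requests.
# Prints the lower-cased target of the first INPUT rule that names
# --dport 113, or the INPUT chain policy when no such rule exists.
# Simplification (assumption): broader rules that might match port 113
# earlier in the chain, such as port ranges, are not evaluated.
ident_disposition() {
  awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && /-p tcp/ && /--dport 113( |$)/ && !verdict {
      for (i = 1; i <= NF; i++) if ($i == "-j") verdict = $(i + 1)
    }
    END {
      if (verdict == "") verdict = policy
      print tolower(verdict)
    }'
}
```

As root, `emit_ruleset | iptables-restore` loads the rules, and `iptables-save | ident_disposition` checks a running host: a result of `drop` is the case where remote mail servers wait for the ident request to time out.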

