fc4 security applet

Tim ignored_mailbox at yahoo.com.au
Tue Nov 22 01:33:00 UTC 2005


On Mon, 2005-11-21 at 11:24 -0800, Josh Coffman wrote:
> Using the security applet, I checked the check box for eth0 to
> trust that network interface. In thinking about it, I wanted to make
> sure that it doesn't then bypass my iptables rules.

Yes, it pretty much does.  

If you had, say, PPP to the internet and ETH to your LAN, you'd trust
your ETH connection, and your LAN could do most things it wanted to
without the firewall in the way.  On the other hand, the PPP network
being untrusted would only allow through the specific services that you
tick as being trusted (e.g. a webserver).  You only tick the networks
that you trust as being wholly trustworthy, and the services that you
trust for public access.

> It's behind a NAT/router via cat5. The wireless is wep-128 with MAC
> filter and hidden ESSID. So it's low risk, but I want to be sure

Being behind a NAT router ought to protect you quite a bit.  But
anything on a wireless network is a bit of a risk.  MAC filtering is
useless, by the way.  That takes mere moments to subvert.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
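
The following audit script is an added example, not part of the original message. It reads a ruleset in iptables-save format and lists the interfaces that are accepted unconditionally (trusted) and the services open to every other interface. The sample ruleset, including its chain name and the choice of eth0 and port 80, is constructed for illustration.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format (not taken from the thread).
# Assumption: eth0 is ticked as trusted and a web server is the only ticked service.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Interfaces with an unconditional ACCEPT: the rule matches on the inbound
# interface only, so no later rule is ever consulted for traffic arriving there.
trusted_interfaces() {
    awk '$1 == "-A" && NF == 6 && $3 == "-i" && $5 == "-j" && $6 == "ACCEPT" { print $4 }' | sort -u
}

# proto/port pairs accepted with no -i match, i.e. what an untrusted
# interface (such as PPP in the reply above) can still reach.
public_services() {
    awk '$1 == "-A" && $NF == "ACCEPT" {
        proto = ""; port = ""; iface = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = 1
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (!iface && port != "") print proto "/" port
    }' | sort -u
}

# Demo on the constructed sample; pipe a real saved ruleset in instead to audit it.
echo "trusted interfaces:";  sample_rules | trusted_interfaces
echo "public services:";     sample_rules | public_services
```

Loopback appears as trusted alongside eth0, which is expected; any other interface in that list is reachable on every port regardless of which services are ticked.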



