Rolf Kutz wrote:
> On 23/01/08 08:29 -0700, Michael Loftis wrote:
>> It's better to leave the service disabled, or even better, completely
>> uninstalled from a security standpoint, and from a DoS standpoint as
>> well. The Linux kernel isn't very efficient at processing firewall
>> rules. Newer
>
> I thought it was very efficient in doing so. YMMV.
>
>> This much does exist. invoke-rc.d iptables save --- I'm not sure
>> what package the /etc/init.d/iptables script is in, seems to me like
>> it was part of the same package that provided the binaries.
>
> Didn't that get removed?
>
> regards, Rolf

Yes, they were removed. I think this is the most correct style today:
http://ace-host.stuart.id.au/russell/files/debian/sarge/iptables/
I cannot find the original, and it seems that this info was removed from ..doc/iptables.

Debian doesn't have any open services by default, except portmapper, and
there aren't any services behind portmapper. So there is no need for a host firewall.
If all services are allowed from the host to anywhere, a firewall cannot do
anything when the host is compromised, and it is very difficult to make
default rules for that. If a user installs, for example, apache, we need a mechanism
which automatically allows connections from outside to the services. What
is the difference? A host without a firewall and port 80 open, or a host with
a firewall and a rule which opens port 80?

Regards, Riku