-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
jdd schreef: > M9. wrote: > >> In my config there are only trusted hosts... >> (in a windows case there are constantly hosts that are informed > > informed? spyware and datamining.. ;-) ( i know this is unknown to linux :-) > >> yes it has to let me know who is going out and going in, and i must be >> able to shut whatever port i like, in principle.. > > this is not a firewall but a proxy server. no, in windows, a firewall can do that.. > > Usually, a firewall blocks all the ports. That means that no > communication can be initiated from the exterior to the inside. If > inside your computer you ask an application to go and search, this is > allowed. > >> If some host wants to enter my pc, i want to know this, > > what does this mean for you?? that my spyware-killers do not work.. (please do not forget my decade of windows use ;-) > > all what an external program can do on your computer is read a port or > write a port. > > closing a port means only that this write is rejected (or simply > ignored). In fact, if no application is listening (by reading this > port), the write *is* ignored > >> If i give a password to a host, it can enter without noticing me, as >> long as i want to let the firewall exept the password. > > this may be the windows way of life, but it's not Linux one. indeed, some habits die hard ;-) if I do > "ssh <somecomputer>", my ssh will try to write to the ssh port of this > computer. If, for example, it's a windows 98 with no firewall at all, > but with no ssh server neither, nothing is going on and I cannot enter > > to enter a computer you must have a server that allows this > >> A good firewall can handele this perfectly, with just one card. > > nope. untrusted pc can attack a trusted one. This is like having > all computers exposed to the exterior and youi have to protect all of them my router is a firewall, and all PC's and laptops have one.. > >> As i understand, only for the ports used by samba for the LAN? > > well, the windows smb implementation seems to be programed in an evil > way and don't use always the same ports, so one must let many ones open > (that is may listen to these ports and answer to them) and this is > unsecure. > >> >>> use of samba server on suse fixes the permission problem. >> >> Samba server i did not use before... > > how did you grant access to your linux computer from windows then? Sorry, it is the client and the server, i thought of an aplication like server-edition.. euh..errr..;-) > > access must be done on the host: > > * by a standard protocol (smb, ssh, ftp, http...) accepted by a server > * by two applications sharing the same port yes that is the procedures.. > > anyway, if you had a working config one day, and now it's no more > working, there is to have been a change in between :-) Offcourse there has to be a change to change something. In this case i did not change a thing. Why should i? It worked, and i never change something that does its job well.. again, that is why i call the firewall inconsistant.. If it is too much trouble to config it right, i shut it off, no big deal..(router is sufficient, and one pc can use DHZ ) - -- Have a nice day, M9. Now, is the only time that exists. OS: Linux 2.6.22.5-10-default x86_64 Huidige gebruiker: [EMAIL PROTECTED] Systeem: openSUSE 10.3 (X86-64) Beta3 KDE: 3.5.7 "release 58" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG7A1yX5/X5X6LpDgRAtrYAJ9qC4iLYY/VZVowNhuPxnx3oR+JMgCfdzEm splkrsqmms9PIUnSgYkXi+k= =dAU3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]