Re: Why not have firewall rules by default?

2008-01-23 Thread Ondrej Zajicek
On Wed, Jan 23, 2008 at 09:19:01AM -0600, William Twomey wrote:
> One solution could be to have a folder called /etc/security/iptables 
> that contains files that get passed to iptables at startup (in the same 
> way /etc/rc2.d gets read in numeric order). So you could have files like 
> 22ssh, 23ftp, etc. with iptable rules in each file.

This is IMHO nonsense. Why firewall ports where nothing listens?
This would not give you anything.

> You could also have 
> an 'ENABLED' variable like some files in /etc/default have (so that 
> ports wouldn't be opened by default; the user would have to manually 
> enable them for the port to be opened). 

A better way is just to not start that daemon.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: [EMAIL PROTECTED], jabber: [EMAIL PROTECTED])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


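The reply above argues that a port with no listener needs no filter rule, and that the fix for an unwanted listener is to stop the daemon. A way to check which TCP ports actually have listeners, as an added example that is not part of the original post: it assumes the Linux `/proc/net/tcp` layout on a little-endian host, covers IPv4 only, and the sample table is constructed.

```python
import ipaddress
import os

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A00020F:0016 0A000202:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the address as a native 32-bit word, so on a
    # little-endian host (assumed here) the bytes appear reversed.
    packed = int(hex_ip, 16).to_bytes(4, "little")
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def listening_sockets(text):
    """Return (address, port, reachable_from_network) for each LISTEN socket."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        addr, port = decode_addr(cols[1])
        # A loopback bind is not reachable from other hosts.
        found.append((str(addr), port, not addr.is_loopback))
    return found


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE  # fall back to the constructed sample
    for addr, port, exposed in listening_sockets(table):
        note = "reachable from the network" if exposed else "loopback only"
        print(f"{addr}:{port}  {note}")
```

Every line it reports as reachable from the network corresponds to a running daemon; a port that does not appear has nothing listening on it.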


Re: secure installation

2007-08-16 Thread Ondrej Zajicek
On Wed, Aug 15, 2007 at 10:47:12PM -0500, Pat wrote:
> 1) What if someone (and I am sure it happens more often than you may
> realize) who is clueless about computers decides to download Debian,
> installs it, gets hacked, trojan horsed, their credit card numbers
> stolen, etc.

On a common workstation there is no need for a firewall. A firewall
is an advanced tool; if the user is not able to configure it, then (s)he
probably doesn't need it. And if there is no firewall (or other
hand-crafted protective measures), then there is no need for
rp_filter. So on a common workstation there is no need for
rp_filter either.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: [EMAIL PROTECTED], jabber: [EMAIL PROTECTED])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

