gharris999 wrote:
>  But I don't have
> much confidence that the hardware firewall on my very old nat router is
> impervious to attacks from the "outside".  So, my intention with that
> ubuntu firewall was to simply limit the number of ports that were open
> and to only accept traffic on those ports from the local subnet.  This
> is dubious logic, I know, but what's the alternative?

No, it's not dubious. The chances that your "very old NAT router" is
sufficient are vanishingly small. You want to close as many ports as you
can, and run as few services as you can, on every computer in your network.

Even very expensive new commercial routers, like Cisco sells to
enterprises, are not "sufficient" in themselves. They too need periodic
attention and defense in depth.

-- 
Pat Farrell
http://www.pfarrell.com/
