OT: What's the deal with Ubuntu?

Les Mikesell lesmikesell at gmail.com
Wed May 11 19:05:29 UTC 2005


On Wed, 2005-05-11 at 13:05, Juan Carlos Castro y Castro wrote:
> >
> >Firewalls on hosts that aren't doing routing are just there to cover
> >up mistakes.  That is, if you don't have a service listening for
> >a connection you won't accept connections with or without a firewall.
> >If you do have a service running, you will need a hole in the firewall
> >to let the associated connections through anyway.   Firewalls only
> >help if you start services that you don't want to work.  
> >  
> >
> Or if you want some services to just be available to clients X, Y, and 
> Z.

Normally you can arrange this with the service configuration and/or
hosts.allow entries.

>  Or if you want your machine to be unpingable.

I suppose people have their reasons for being network-unsociable, but
it makes troubleshooting much harder...

>  Or if you want to 
> implement port knocking.

That's not something the Fedora default provides - and iptables
is available if you want to roll your own.

>  Or if you want to block eventual, 
> yet-to-be-discovered flood attacks.

You can't do much about flood attacks with a host-level firewall.  The
packets are already there...

> I'm sure I forgot lots of other uses.

The only one that a default setting can help with is to prevent
accessing services that you didn't mean to have running.  This
can be useful if they are started accidentally or due to bugs
or trojans.

-- 
  Les Mikesell
   les at futuresource.com





More information about the fedora-list mailing list