Harry,

Thanks a lot for your reply.

I am using the DROP policy by default, and just open the required holes in the firewall (HTTP and SMTP only). This PC is not used for browsing at all. It is just a firewall + samba server + http server + smtp server + ftp server + MythTV recording + playing (both backend + frontend) + more little jobs.

I do use DROP but I do not log REJECT. Should I do that?

Regards from
VJ

On Fri, October 15, 2004 2:29 pm, Harry Hoffman said:
> Simply put *NO* you are not safe enough. At the very least I would run a
> personal proxy (such as privoxy).
>
> A bit more paranoid... Turn off java and javascript. Prompt for all
> cookies and then only allow them to be session cookies.
>
> Even more paranoid... Set up your iptables to DROP by default INPUT and
> OUTPUT. Log the OUTPUT attempts and decide what should be passed (That
> way any "funny business" is less likely to happen).
>
> This won't make you "totally" secure but you'll be a few steps ahead of
> most curves.
>
> HTH,
> Harry
>
>> On Fri, 2004-10-15 at 07:32, VJ wrote:
>>
>>>Hi,
>>> I have a firewall script using iptables which runs from
>>>/etc/rc.d/rc.local. This script does nothing except allowing just http,
>>>smtp for the outer world (inbound). All types of connections are allowed from
>>>the machine to the outer world (outbound). I have not set anything else
>>>like in hosts.deny/hosts.allow or sshd.conf.
>>> My question is, according to your knowledge, is my computer safe
>>> enough?
>>>Till now I have not suffered from any problem, but this cannot go on
>>>forever.
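
The setup suggested in the quoted reply above (default DROP on INPUT and OUTPUT, with outbound attempts logged and then reviewed), sketched as an added example that is not part of the thread. The log prefix `OUT-DROP: `, the function names and the sample log lines are assumptions made for illustration; FORWARD is left at ACCEPT because the thread does not discuss it, and loading the ruleset replaces the existing filter table.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: log prefix "OUT-DROP: ".
# Rules in iptables-restore format; review, then as root:
#   print_ruleset | iptables-restore
print_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,80 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "OUT-DROP: "
COMMIT
EOF
}

# Count logged outbound attempts per protocol, destination and port.
summarize_out_log() {
  awk '/OUT-DROP: / {
         dst = proto = dpt = "-"
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^DST=/)   dst   = substr($i, 5)
           if ($i ~ /^PROTO=/) proto = substr($i, 7)
           if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
         }
         n[proto " " dst " " dpt]++
       }
       END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

# Constructed, abbreviated kernel log lines for the demo.
sample_log() {
cat <<'EOF'
Oct 15 14:31:02 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=25 SYN
Oct 15 14:31:05 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=25 SYN
Oct 15 14:31:11 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=25 SYN
Oct 15 14:31:12 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=61 TTL=64 PROTO=UDP SPT=32771 DPT=53
Oct 15 14:31:17 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=61 TTL=64 PROTO=UDP SPT=32771 DPT=53
Oct 15 14:32:40 gw kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.77 LEN=60 TTL=64 PROTO=TCP SPT=40150 DPT=6667 SYN
Oct 15 14:33:00 gw kernel: eth0: link up
EOF
}

sample_log | summarize_out_log
```

On the sample input the summary shows the outbound SMTP and DNS traffic that a mail server needs and that the ruleset does not yet pass, alongside one destination port that deserves a closer look before any rule is added. Because the LOG rule is rate-limited, the counts are a lower bound.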