On Fri, 2004-10-15 at 07:32, VJ wrote:
> Hi,
> I have a firewall script using iptables which runs from
> /etc/rc.d/rc.local. This script does nothing except allowing just http,
> smtp for the outer world (inbound). All types of connections are allowed from
> the machine to the outer world (outbound). I have not set anything else
> like in hosts.deny/hosts.allow or sshd.conf.
> My question is, according to your knowledge, is my computer safe enough?
> Till now I have not suffered from any problem, but this cannot go on
> forever.

I don't know that anyone can judge if your system is "safe enough". A lot of that depends on how much risk you are willing to take with your system. I guess if you provide your IP address there would be a lot of people willing to scan and try to hack your system for you, but I don't think you really want to invite that kind of attention. :)

For home users I always recommend using one of those cheap hardware firewalls between your systems and the Internet. I know they are not perfect but they are simple and easy to use. I recommend this as they are cheap and easy to set up and once in place you don't really have to worry about them. If you have your system directly connected then at some point you may do something which stops iptables and could expose a whole slew of ports and services to the Internet which may or may not have vulnerabilities. Particularly if you did not go through your system and disable all unused services.

In the real world where you have regular firewalls in place most companies not only block most things from coming into their network but also block most things going out of their network. This prevents a lot of trojans from connecting to their master servers from inside the firewall (although a lot of stuff tries to use port 80 and other similar ports for services that are normally allowed to exit your LAN, but then you can use proxies to handle some of that).

So it really comes down to a risk assessment that you have to do based on your requirements. Remember, there is nothing 100% secure that is connected to the Internet. You have to put enough security on your system so that the vast majority of hackers don't find your system easier to hack than someone else's system. If you can achieve that then you are probably secure enough.

Kind of like the two guys who stumble on a tiger in the woods. The first guy bends down and starts to change into tennis shoes. The other guy says "Don't you think you better be trying to outrun the tiger?" The first guy says, "Don't have to, I just have to outrun you."

-- 
Scot L. Harris
webid@xxxxxxxxxx

Go climb a gravity well!
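As an added illustration of the two points made in this reply (default-deny on every chain, and filtering outbound traffic as well as inbound), here is a constructed iptables script. It is not VJ's script or anything from this thread; the external interface name `eth0`, the set of permitted outbound ports, and the `IPT` dry-run variable are assumptions made for the example. The kernel's built-in policy on all chains is ACCEPT, so if a script like this never runs (the "something which stops iptables" case above) the host is wide open; the script can only narrow what happens while it is in effect.

```shell
#!/bin/sh
# Constructed example: default-deny iptables rule set with egress filtering.
# IPT defaults to the real iptables binary; set IPT=echo to dry-run the
# rule set (prints the arguments each call would receive).
: "${IPT:=iptables}"
WAN_IF="${WAN_IF:-eth0}"   # assumed external interface name

apply_rules() {
    # Set the default policy to DROP before flushing, so the host is never
    # briefly open while the old rules are being removed.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    $IPT -F
    $IPT -X

    # Loopback is always allowed.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to connections already tracked.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound: only new http and smtp connections from the outside,
    # matching what the original script allowed.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 80 --syn -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 25 --syn -j ACCEPT

    # Outbound: instead of "allow everything", permit only what the host
    # needs (DNS, NTP, outgoing mail, http/https) and log what gets dropped.
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport 123 -j ACCEPT
    for port in 25 80 443; do
        $IPT -A OUTPUT -o "$WAN_IF" -p tcp --dport "$port" --syn -j ACCEPT
    done
    $IPT -A OUTPUT -o "$WAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "egress-denied: "
    # Anything not accepted above falls through to the DROP policy.
}

# Dry-run helper: count the ACCEPT rules the script would add to a chain.
# Useful for checking the rule set before it is applied on a real host.
count_accepts() {
    (IPT=echo; apply_rules) | grep -c -- "-A $1 .*-j ACCEPT"
}

# Dry-run helper: count chains that end up with a DROP policy (expect 3).
count_drop_policies() {
    (IPT=echo; apply_rules) | grep -c -- "-P [A-Z]* DROP"
}

# Run as root with "apply" to load the rules; any other invocation only
# defines the functions so the dry-run helpers can be used safely.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Review the dry-run output (`IPT=echo sh fw.sh apply`) before loading it on a machine you reach over the network; with `OUTPUT` defaulting to DROP, a forgotten port (an ssh session, a package mirror) simply stops working rather than failing open, which is the behaviour the reply argues for.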