Hi, I have firewall script using iptables which runs from /etc/rc.d/rc.local. This script does nothing except allowing just http, smtp for outer world(inbound). All type of connections are allowed from the machine to the outerworld (outbound). I have not set anything else like in hosts.deny/hosts.allow or sshd.conf. My question is, according to your knowledge, is my computer safe enough? Till now I have not suffered from any proble, but this cannot go on for-ever. Regards from VJ
I'd guess you're safe. Like some other people here on the list I use an old Pentium machine with kernel 2.4.26 as a firewall/DSL router. It was installed almost a year ago and of course nobody broke in yet. The only service I run on this machine is SSH, but it uses a non-standard port, and I never log in with passwords, only with password protected DSA keys.
On the other hand: how many successful hack attempts have you read about on this list? There were only a couple SSH brute force trials reported. So you can expect something like this, not more.
Cheers,
Botond
