Re: OT: What's the deal with Ubuntu?

On Wed, 2005-05-11 at 13:05, Juan Carlos Castro y Castro wrote:
> >
> >Firewalls on hosts that aren't doing routing are just there to cover
> >up mistakes.  That is, if you don't have a service listening for
> >a connection you won't accept connections with or without a firewall.
> >If you do have a service running, you will need a hole in the firewall
> >to let the associated connections through anyway.   Firewalls only
> >help if you start services that you don't want to work.  
> >  
> >
> Or if you want some services to just be available to clients X, Y, and 
> Z.

Normally you can arrange this with the service configuration and/or
hosts.allow entries.

>  Or if you want your machine to be unpingable.

I suppose people have their reasons for being network-unsociable, but
it makes troubleshooting much harder...

>  Or if you want to 
> implement port knocking.

That's not something the Fedora default provides - and iptables
is available if you want to roll your own.

>  Or if you want to block eventual, 
> yet-to-be-discovered flood attacks.

You can't do much about flood attacks with a host-level firewall.  The
packets are already there...

> I'm sure I forgot lots of other uses.

The only one that a default setting can help with is to prevent
accessing services that you didn't mean to have running.  This
can be useful if they are started accidentally or due to bugs
or trojans.

-- 
  Les Mikesell
   les@xxxxxxxxxxxxxxxx
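
Added example, not part of the original message: the thread turns on which services are actually listening, so this sketch parses a socket table in /proc/net/tcp layout and reports listeners reachable from off-host that are not on an intended-ports list. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for listening sockets

# Constructed sample in /proc/net/tcp layout (little-endian host); not real output.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00000A:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def decode_addr(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port)."""
    ip_hex, port_hex = field.split(":")
    # The IPv4 address is printed as a native 32-bit integer, so on a
    # little-endian host the bytes appear reversed (assumption of this example).
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return (ip, port) for every socket in the LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established and other states accept no new connections
        found.append(decode_addr(cols[1]))
    return found


def exposed(table_text, intended_ports):
    """Listeners reachable from off-host whose port was not meant to be open."""
    return [(ip, port) for ip, port in listeners(table_text)
            if not ip.startswith("127.") and port not in intended_ports]


if __name__ == "__main__":
    # Only ssh (22) is intended; the loopback-only listener on 25 is ignored.
    for ip, port in exposed(SAMPLE, {22}):
        print(f"unintended listener on {ip}:{port}")
```

On a live system the same functions can be fed the contents of /proc/net/tcp; IPv6 listeners live in /proc/net/tcp6 and are not handled here.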


