Re: fc4 security applet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-11-21 at 11:24 -0800, Josh Coffman wrote:
> Using the security applet, I checked the  check box for eth0   to
> trust that network interface. In thinking about it, I wanted to make
> sure that it doesn't then bypass my iptables rules.

Yes, it pretty much does.  

If you had, say, PPP to the internet and ETH to your LAN.  You'd trust
your ETH connection, and your LAN could do most things it wanted to
without the firewall in the way.  On the other hand, the PPP network
being untrusted would only allow through the specific services that you
tick as being trusted (e.g. a webserver).  You only tick the networks
that you trust as being wholly trustworth, and the services that you
trust for public access.

> It's behind a NAT/router via cat5. The wireless is wep-128 with MAC
> filter and hidden ESSID. So it's low risk, but I want to be sure

Being behind a NAT router ought to protect you quite a bit.  But
anything on a wireless network is a bit of a risk.  MAC filtering is
useless, by the way.  That takes mere moments to subvert.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux