
Re: lprng for a home computer



On Mon, Jul 23, 2001 at 02:06:21AM +0900, Marshal Wong wrote:
> Philipp Lehman <lehman@gmx.net> writes:
> > I can't help you with your lprng question, but a firewall actually
> > makes sense even on a stand-alone workstation or laptop. You can
> > filter in the input chain just like you'd do on a dedicated firewall
> > host.
> 
> I'm not an expert on firewalls, but if someone wanted to bring your
> computer to a grinding halt, i.e. DoS, they could just send a whole
> crap of packets, and firewall or no, the processor will have to spend
> all its cycles dealing with these packets.  Of course, I guess it
> would happen if you didn't have a firewall too, wouldn't it?

With any decent modern system, you'll likely be dos'ing the line, not the
cpu, unless you have hundreds of ipchains with hundreds of rules each,
which is unlikely to be the case on a personal machine firewall.

A better solution anyway is to have a dedicated firewall machine.
That way, you can install gnome and all the weird stuff that it needs,
without having to fear that any of it is listening directly on an
untrusted network.  On a firewall, you can turn off all services except
ip packet forwarding/masquerading.  On your desktop, it would impede
your "productivity" (read entertainment and spiffy gui).

Having said that, it may nevertheless be a good thing to also employ
some ipchains rules on your personal desktop.  But it would mostly be
useful for monitoring purposes, I think.  So it would only be actually
useful if you really regularly check those logs.

Generally speaking though, if you know a bit of unix, don't bother with
those "personal firewall" products, but give a 486 a second life instead.

Cheers,


Joost


