Re: firewall for a client
On 2004-12-06 Víctor A. Ramos wrote:
> On Mon, 2004-12-06 at 08:10 +0100, Ansgar -59cobalt- Wiechers wrote:
>> On 2004-12-06 Victor A. Ramos wrote:
>>> so the 'policy' should be: reject all input connections
>>
>> That's already done by your system's IP stack.
>>
>>> and external pings....
>>
>> That doesn't make sense.
>>
>>> and allow all connections from my PC to Internet.
>>
>> That's done by your system's IP stack as well.
>>
>>> I've looking and studying a lot of manuals and how-to's but all of
>>> them are destinate to a Debian system working as a router for a LAN
>>> :-/
>>
>> That's because it usually doesn't make sense to do packet filtering on a
>> host that doesn't have any services bound to external interfaces.
>>
>> You simply don't need to do any packet filtering at all.
>
> I'm disagree with you... and here is a quote from the iptables
> documentation section at netfilter.org:
>
> http://netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-1.html
M-hm. And which part of that exactly is supposed to support your
disagreement? (hint: you do not have a network)
Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
Reply to: