Re: firewall for a client
On 2004-12-06 Víctor A. Ramos wrote:
> On Mon, 2004-12-06 at 08:10 +0100, Ansgar -59cobalt- Wiechers wrote:
>> On 2004-12-06 Victor A. Ramos wrote:
>>> so the 'policy' should be: reject all input connections
>> That's already done by your system's IP stack.
>>> and external pings....
>> That doesn't make sense.
>>> and allow all connections from my PC to Internet.
>> That's done by your system's IP stack as well.
>>> I've looking and studying a lot of manuals and how-to's but all of
>>> them are destinate to a Debian system working as a router for a LAN
>> That's because it usually doesn't make sense to do packet filtering on a
>> host that doesn't have any services bound to external interfaces.
>> You simply don't need to do any packet filtering at all.
> I'm disagree with you... and here is a quote from the iptables
> documentation section at netfilter.org:
M-hm. And which part of that exactly is supposed to support your
disagreement? (hint: you do not have a network)
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."