Re: firewall for a client
My own computer connected to the Internet is a link which can be
attacked... that¡s the part of the network that I pretend to protect.
On Mon, 2004-12-06 at 12:42 +0100, Ansgar -59cobalt- Wiechers wrote:
> On 2004-12-06 Víctor A. Ramos wrote:
> > On Mon, 2004-12-06 at 08:10 +0100, Ansgar -59cobalt- Wiechers wrote:
> >> On 2004-12-06 Victor A. Ramos wrote:
> >>> so the 'policy' should be: reject all input connections
> >>
> >> That's already done by your system's IP stack.
> >>
> >>> and external pings....
> >>
> >> That doesn't make sense.
> >>
> >>> and allow all connections from my PC to Internet.
> >>
> >> That's done by your system's IP stack as well.
> >>
> >>> I've looking and studying a lot of manuals and how-to's but all of
> >>> them are destinate to a Debian system working as a router for a LAN
> >>> :-/
> >>
> >> That's because it usually doesn't make sense to do packet filtering on a
> >> host that doesn't have any services bound to external interfaces.
> >>
> >> You simply don't need to do any packet filtering at all.
> >
> > I'm disagree with you... and here is a quote from the iptables
> > documentation section at netfilter.org:
> >
> > http://netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-1.html
>
> M-hm. And which part of that exactly is supposed to support your
> disagreement? (hint: you do not have a network)
>
> Regards
> Ansgar Wiechers
> --
> "Those who would give up liberty for a little temporary safety
> deserve neither liberty nor safety, and will lose both."
> --Benjamin Franklin
>
>
--
Víctor A. Ramos <itchysoft_AT_yahoo_DOT_es>
(o_ Debian GNU/Linux .'''`.
//\ Registered User : :' :
V_/_ #315167 `. `'
`
Jabber ID <vramos_AT_jabber_DOT_org>
Reply to: