
Re: Firewall and Laptop



On Friday 31 December 2004 14:21, Marcus C. Gottwald wrote:
>
> I do like the way iptables is used in woody: You create your
> chains and rules any way you like and once you're done, you tell
> it to save the current state (by executing
> "/etc/init.d/iptables save active"). You can easily make copies
> of the dump for backup purposes. Also, if a change turns out to
> break something, running "/etc/init.d/iptables start" before a
> "save" will simply revert the changes.

iirc, that was an add-on.  iptables-save is now available as part of the 
iptables package (there's no init.d script, but it is 
in /sbin/iptables-save).

> Out of curiosity: What features are expected from a config tool?
> On a laptop computer, you'd seldom need a lot more than to allow
> outgoing, related or established traffic plus incoming SSH,
> wouldn't you?

Heavens, my laptop is a portable web/database/file/printer server :-)  I think 
that my rules _could_ be much simpler - many of the ones that were set up by 
Guarddog should be just covered by global "outgoing, related or established" 
rules, and then I could configure specific incoming overrides for the rest.  
I'd consider the rules for a laptop to be much more complex than for the 
average desktop machine.
-- 
derek
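
The layout described in the message above (a global "outgoing, related or established" policy plus specific incoming overrides), combined with the save-and-revert workflow from the quoted text, as an added example that is not part of the thread. The port list (22 for SSH, 80 and 631 standing in for the web and printer services), the backup path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Ports other than SSH are assumed.
# Space-separated TCP ports for the "specific incoming overrides".
INCOMING_TCP_PORTS="${INCOMING_TCP_PORTS:-22 80 631}"

# Emit a ruleset in iptables-restore format on stdout.
laptop_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $INCOMING_TCP_PORTS; do
        # Reject anything that is not a plain port number before it reaches a rule.
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Load the rules, keeping a dump of the previous state for rollback (needs root).
apply_rules() {
    backup="${1:-/root/iptables.before}"
    new=$(laptop_rules) || return 1
    iptables-save > "$backup" || return 1
    # --test parses the ruleset without committing it.
    printf '%s\n' "$new" | iptables-restore --test || return 1
    printf '%s\n' "$new" | iptables-restore
}

# Put back the state dumped by apply_rules.
revert_rules() {
    iptables-restore < "${1:-/root/iptables.before}"
}
```

Nothing is loaded until `apply_rules` is called as root. This covers IPv4 only; ip6tables keeps a separate ruleset.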


