
Re: End-user laptop firewall available?



>The answer is: None.

May I suggest a netstat -tulp to see listening services on this laptop?
While outgoing connections can be discussed, incoming *should* be filtered.


Here is some basic configuration for iptables:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT --source 192.168.1.0/24 -p tcp --dport ssh -j ACCEPT
COMMIT


2013/12/8 Bastian Blank <waldi@debian.org>
> On Sat, Dec 07, 2013 at 10:55:30AM -0600, Richard Owlett wrote:
> > Any help/direction appreciated.
>
> The answer is: None. If you don't have anything listen on the network,
> nothing can be accessed anyway.
>
> Bastian
>
> --
> Where there's no emotion, there's no motive for violence.
>                 -- Spock, "Dagger of the Mind", stardate 2715.1
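
Added example, not part of the original messages or the posters' own code: a small Python model of the INPUT chain posted above, showing which constructed sample packets that ruleset accepts or drops under first-match semantics. Assumptions: it parses only the options that appear in that ruleset, treats --syn as a single boolean, and the packet fields and sample addresses are made up for illustration.

```python
import ipaddress
import shlex

# The ruleset exactly as posted in the message (iptables-restore format).
RULESET = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT --source 192.168.1.0/24 -p tcp --dport ssh -j ACCEPT
COMMIT"""
PORTS = {"ssh": 22}  # the only service name the ruleset uses

def parse_input_chain(text):
    """Return (policy, rules) for INPUT; handles only the options used above."""
    policy, rules = None, []
    for tok in map(shlex.split, text.splitlines()):
        if tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rule, neg, i = {}, False, 2
            while i < len(tok):
                if tok[i] == "!":                 # negates the next match
                    neg, i = True, i + 1
                elif tok[i] == "--syn":
                    rule["syn"], neg, i = not neg, False, i + 1
                elif tok[i] == "-m":              # skip module name only
                    i += 2
                else:                             # "-x value" / "--xx value"
                    rule[tok[i].lstrip("-")] = tok[i + 1]
                    i += 2
            rules.append(rule)
    return policy, rules

def matches(r, p):
    """A criterion the rule does not set matches any packet."""
    return (r.get("i", p["iface"]) == p["iface"]
            and r.get("p", p["proto"]) == p["proto"]
            and p["state"] in r.get("state", p["state"]).split(",")
            and r.get("syn", p["syn"]) == p["syn"]
            and ipaddress.ip_address(p["src"]) in ipaddress.ip_network(r.get("source", "0.0.0.0/0"))
            and ("dport" not in r or int(PORTS.get(r["dport"], r["dport"])) == p["dport"]))

def verdict(p, ruleset=RULESET):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = parse_input_chain(ruleset)
    return next((r["j"] for r in rules if matches(r, p)), policy)

def packet(src, proto, dport=None, iface="eth0", state="NEW", syn=False):
    """Constructed sample packet (hypothetical fields, not a capture)."""
    return dict(src=src, proto=proto, dport=dport, iface=iface, state=state, syn=syn)
```

For instance, verdict(packet("192.168.1.50", "tcp", 631, syn=True)) returns "DROP": a service that netstat shows listening on port 631 is still unreachable from the LAN because only the ssh rule accepts new inbound TCP.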

