On Fri, Feb 21, 2003 at 02:21:10AM -0800, Paul Johnson wrote:
> On Thu, Feb 20, 2003 at 11:45:33AM -0600, Nathan E Norman wrote:
> > gibraltar is not what you want. Install the "ipmasq" package.
>
> Well, if we're talking only a single computer altogether, then making
> sure you don't have any services that aren't being used installed, and
> make sure the ones that are being used are both properly configured
> and patched in an intelligent manner should really cover your bases.
> If it's a home box with no services to the outside world, you can
> pretty much remove all services but the MTA, reconfigure the MTA to
> not listen outside of localhost and learn a little iptables to close
> everything off that isn't originating from the box or related to an
> existing connection.
Agreed. However, the script this guy posted indicated he was doing
NAT (though it's still not clear to me that it's needed :-) which is
why I mentioned the ipmasq package. It's not perfect but IMO it's a
good starting point for newbies.
--
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
People demand freedom of speech to make up for the freedom of
thought which they avoid.
-- Soren Aabye Kierkegaard
Attachment:
pgp_rq3xtVdaS.pgp
Description: PGP signature