
Re: Default firewall in etch

On Thu, Feb 01, 2007 at 07:32:01AM -0500, Marc D Ronell wrote:
> Hi,
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?

There is no "firewall" and you seem to be using it in the Windows
sense. In Debian (and other *n*x) there isn't necessarily a *need* for
a firewall. A firewall on a standalone computer does one thing: blocks
outside access to any open ports on the machine. If there are no open
ports, or if the open ports are properly secured, then there is no
need for a firewall. In the Windows world there are many default
insecure ports that need protection. Not so true in Debian.

That said, a firewall certainly won't hurt. Look at what services you
need to have access to from the outside world and how someone might
gain access to them to determine what you need. If you have no need to
get at the machine from the outside world, then make sure all those
things (ssh, ftp, http, whatever) are turned off (many are off by
default). If you want the added assurance of having iptables DROP or
DENY packets then by all means set up shorewall. 

> I am happy to write and work with iptables using a script from
> /etc/init.d, but I thought etch might have a *default* firewall
> pre-configured? Maybe not? :).

You might get more pointed assistance if you provide details as to
what you are really after here. What is this machine used for? How is
it connected to the net? Etc., etc.
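
An added example, not part of the original message: one way to check which open ports a machine actually has is to read the kernel's TCP socket table and separate loopback-only listeners from ones bound to a network-facing address. The sample table below is constructed, and the decoding assumes a little-endian host (such as x86) and covers IPv4 TCP only (`/proc/net/tcp`, not `tcp6` or `udp`).

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5002 1
   2: 0A01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 5003 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 5004 1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address in host byte order, so on a
    # little-endian host the octets appear reversed (0100007F = 127.0.0.1).
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)

def listening_sockets(table):
    """Return [(address, port, exposed)] for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue                              # established, time-wait, etc.
        addr, port = decode_endpoint(cols[1])
        # 0.0.0.0 (all interfaces) and any non-127/8 address count as exposed.
        found.append((str(addr), port, not addr.is_loopback))
    return sorted(found, key=lambda s: (s[1], s[0]))

def exposed_ports(table):
    """Ports with at least one listener not bound to loopback only."""
    return sorted({port for _, port, exposed in listening_sockets(table) if exposed})

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:         # live table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE                            # fall back to the sample
    for addr, port, exposed in listening_sockets(table):
        label = "not loopback-only" if exposed else "loopback only"
        print(f"{addr}:{port}  {label}")
```

Each port reported as not loopback-only is a service to either turn off, bind to 127.0.0.1, or deliberately allow in the packet filter.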

