Re: About my Firewall Settings - I would like an opinion

[Manuel Gomez <mgdpz1@gmail.com>]

Sam Kuper escribió:

> 2008/11/10 Sam Kuper <sam.kuper@uclmail.net 
> <mailto:sam.kuper@uclmail.net>>
>
>     By using REJECT instead of DROP, you have no stealth. This means
>     you can be port-scanned to look for weaknesses, e.g. unpatched
>     OpenSSH vulnerabilities, etc. 
>
>
> That said, if SSH traffic is blocked, an OpenSSH vuln. might not be 
> significant. If you're allowing and inbound traffic, though, any 
> unpatched flaws in the app servicing that inbound traffic could expose 
> your system to attack.
>
> Also, by REJECTing rather than DROPping, you might be more vulnerable 
> to DoS attacks.
>
> Consider using a default (LOG and) DROP policy instead. Michael Rash's 
> site (www.cipherdyne.org <http://www.cipherdyne.org>) has some good 
> resources for learning about this and implementing it.
I have set the default policy in DROP.

What more could i do?

Thank you very much, i appreciate your help.