Re: Firewall - basic config?

To: debian-user@lists.debian.org
Subject: Re: Firewall - basic config?
From: Harris Paltrowitz <harrisupstate@yahoo.com>
Date: Wed, 27 Apr 2016 07:26:08 -0400
Message-id: <[🔎] 5720A1D0.7070904@yahoo.com>

| The INPUT chain seems to be problematic to me. As noted above, theufw-before-input chain seems to ACCEPT everything in its first rule, sonone of the other rules in the| INPUT chain will have any effect. The OUTPUT chain seems to be thesame way, though this is not as problematic for me, as usually, you willwant to allow just about| anything in the OUTPUT chain. Though, I suspect that this could allowan exploit wherein the user's machine is used to originate undesiredpackets heading out to the net.

| The FORWARD chain looks to be secure, as ultimately the default DROPpolicy for that chain is what happens to everything.

| Again, while I have done some studying of iptables, and think that Iam fluent in the incantations necessary to set it up, I am not anexpert, so if I have mis-interpreted the| OPs provided iptables listing, please correct me for both my and hisbenefit!!

|
| --
| Mike

Thanks to all of you for your comments so far. Although I'm definitelynot happy hearing about some "holes" in my iptables rules, I am stickingwith using ufw for now -- my reasoning is that as long as (a) I don'thave an SSH server installed, and (b) I don't use public wifi -- Ishould be reasonably safe from intrusion.


-Harris

Reply to:

Prev by Date: Re: jessie systemd shutdown sequence
Next by Date: can't access extra-packages list preseeding PXE install
Previous by thread: Re: Firewall - basic config?
Next by thread: Test version of the system.
Index(es):
- Date
- Thread