Re: Firewall - basic config?
| The INPUT chain seems to be problematic to me. As noted above, the
| ufw-before-input chain seems to ACCEPT everything in its first rule, so
| none of the other rules in the INPUT chain will have any effect. The
| OUTPUT chain seems to be the same way, though this is not as problematic
| for me, as usually, you will want to allow just about anything in the
| OUTPUT chain. Though, I suspect that this could allow an exploit wherein
| the user's machine is used to originate undesired packets heading out to
| the net.
|
| The FORWARD chain looks to be secure, as ultimately the default DROP
| policy for that chain is what happens to everything.
|
| Again, while I have done some studying of iptables, and think that I
| am fluent in the incantations necessary to set it up, I am not an
| expert, so if I have misinterpreted the OP's provided iptables listing,
| please correct me for both my and his benefit!!
|
| --
| Mike
Thanks to all of you for your comments so far. Although I'm definitely
not happy hearing about some "holes" in my iptables rules, I am sticking
with using ufw for now -- my reasoning is that as long as (a) I don't
have an SSH server installed, and (b) I don't use public wifi -- I
should be reasonably safe from intrusion.
-Harris
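
One way to test the reading discussed in this thread, as an added example that is not part of the original messages: `iptables -L` without `-v` omits the interface columns, while `iptables -S` prints each rule with its full match options, so the sketch below parses `-S` output and reports rules that can never be reached because an earlier rule in the same chain (or in a chain it jumps to unconditionally) decides every packet. The two rule sets are constructed samples, not the OP's listing, and the function names are hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end traversal for a packet

# Constructed samples in `iptables -S` format (not the OP's listing).
HEAD = ("-P INPUT DROP\n-N ufw-before-input\n"
        "-A INPUT -j ufw-before-input\n"
        "-A INPUT -p tcp -m tcp --dport 22 -j DROP\n")
TAIL = "-A ufw-before-input -m conntrack --ctstate INVALID -j DROP\n"
LOOPBACK_ONLY = HEAD + "-A ufw-before-input -i lo -j ACCEPT\n" + TAIL
ACCEPT_ALL = HEAD + "-A ufw-before-input -j ACCEPT\n" + TAIL

def parse(text):
    """Map chain name -> ordered list of (match_options, target, raw_line)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-N":
            chains.setdefault(tok[1], [])
        elif len(tok) >= 4 and tok[0] == "-A" and "-j" in tok:
            j = tok.index("-j")
            chains.setdefault(tok[1], []).append((tok[2:j], tok[j + 1], line))
    return chains

def verdict_index(chains, name, seen=()):
    """Index of the first rule in `name` that decides every packet, else None."""
    for i, (matches, target, _) in enumerate(chains.get(name, [])):
        if matches:
            continue  # conditional rule (e.g. -i lo): other packets fall through
        if target in TERMINAL:
            return i
        if (target in chains and target not in seen
                and verdict_index(chains, target, seen + (name,)) is not None):
            return i  # unconditional jump into a chain that never returns
    return None

def shadowed(text):
    """Map chain name -> rules that no packet can ever reach."""
    chains = parse(text)
    out = {}
    for name, rules in chains.items():
        i = verdict_index(chains, name)
        if i is not None and rules[i + 1:]:
            out[name] = [raw for _, _, raw in rules[i + 1:]]
    return out

if __name__ == "__main__":
    for label, sample in (("loopback-only", LOOPBACK_ONLY), ("accept-all", ACCEPT_ALL)):
        print(label, shadowed(sample))
```

To run it against a live host, feed it the text of `sudo iptables -S` instead of the samples.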