[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall - basic config?

| The INPUT chain seems to be problematic to me. As noted above, the ufw-before-input chain seems to ACCEPT everything in its first rule, so none of the other rules in the | INPUT chain will have any effect. The OUTPUT chain seems to be the same way, though this is not as problematic for me, as usually, you will want to allow just about | anything in the OUTPUT chain. Though, I suspect that this could allow an exploit wherein the user's machine is used to originate undesired packets heading out to the net.
| The FORWARD chain looks to be secure, as ultimately the default DROP policy for that chain is what happens to everything.
| Again, while I have done some studying of iptables, and think that I am fluent in the incantations necessary to set it up, I am not an expert, so if I have mis-interpreted the | OPs provided iptables listing, please correct me for both my and his benefit!!
| --
| Mike

Thanks to all of you for your comments so far. Although I'm definitely not happy hearing about some "holes" in my iptables rules, I am sticking with using ufw for now -- my reasoning is that as long as (a) I don't have an SSH server installed, and (b) I don't use public wifi -- I should be reasonably safe from intrusion.


Reply to: