[sf-lug] update from computer newbie
Rick Moen
rick at linuxmafia.com
Fri Jul 7 13:55:08 PDT 2006
Quoting John Lowry (johnlowry at gmail.com):

> Okay, I know what I am about to say is going to be in the ball park, but
> specifics might be *off*.

Nah, far as I can see, you're dead-on.

> For your firewall, you do not need to leave any services open for
> incoming traffic below port 1023. I might be off by one, I forget.
> Anyway, those are all services that daemons that are serving will use.

Here's a wacky metaphor, off the top of my head: Your house is on a
corner lot, and it came with a half-dozen fruit stands arrayed around
the edges of the property. For reasons that pass understanding, your
kids keep all those fruit stands stocked with grocery-store purchases
from your kitchen.

You have no actual desire to be in the fruit-selling business, and don't
staff those facilities; you're just a homeowner, trying to enjoy your
place. In consequence, random people off the street are stealing you
blind. Your fruit bill is enormous.

The firewall remedy says: Erect a nasty chainlink fence with razor wire
all around your property line, to prevent people from stealing piles of
merchandise (the fruit) from your front yard.

My "don't _run_ those network services, then" alternative approach says:
Tell your kids to stop putting fruit out there. In fact, take down the
booths so you can have a lawn for a change.

This is Linux: You're in charge.

(Again, I hope somebody's forwarding all this stuff back to Jeff Gibson
-- or just tell him to do the obvious and join the mailing list, if he
wishes to participate in the discussion and see what people are saying.)