[sf-lug] update from computer newbie

Rick Moen rick at linuxmafia.com
Fri Jul 7 14:32:00 PDT 2006

Quoting Asheesh Laroia (asheesh at asheesh.org):

> I second this advice.  The "Firewall!!!" advice usually comes from (former 
> and current) Windows users who have no idea what is running on their 
> systems, so it's the best advice they can give.

I like the advice so much, I live it.  Here's the complete set of
firewalling rules on my server:

  # iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

If case you've never seen iptables's "list" mode, in this case it's
outputting nothing but headers; there's nothing to list.

Why?  How?  Here's a diagram of my house LAN + Internet connection:

  router at Raw Bandwidth Communications NOC
   [DSL link using a Westel bridge/modem]
         Ethernet switch out in my garage 
         |             |                |
         |             |                |
   wireless        linuxmafia.com      deirdre.org
   base station
(dual-homed host)
 inside ethernet network
 and wireless clients

The only place where inbound controls could be placed over the _entire_
house LAN is at the far end of the DSL line, which I obvious don't 
control.  So, each system, e.g., my wife's deirdre.org box and my
linuxmafia.com one, is responsible for its own security -- which I
choose to implement by just not running any network service I'm not
willing to expose to public contact.

More information about the sf-lug mailing list