[sf-lug] update from computer newbie
Rick Moen
rick at linuxmafia.com
Fri Jul 7 14:32:00 PDT 2006
Quoting Asheesh Laroia (asheesh at asheesh.org):
> I second this advice. The "Firewall!!!" advice usually comes from (former
> and current) Windows users who have no idea what is running on their
> systems, so it's the best advice they can give.
I like the advice so much, I live it. Here's the complete set of
firewalling rules on my server:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
In case you've never seen iptables's "list" mode, in this case it's
outputting nothing but headers; there's nothing to list.
Why? How? Here's a diagram of my house LAN + Internet connection:
                      198.144.195.185
          router at Raw Bandwidth Communications NOC
                            |
                            |
                            v
              [DSL link using a Westel bridge/modem]
                            ^
                            |
                            |
               Ethernet switch out in my garage
                 |               |               |
                 |               |               |
        198.144.195.188   198.144.195.186   198.144.195.190
           wireless       linuxmafia.com     deirdre.org
         base station
       (dual-homed host)
           10.0.1.1
              |
              |
      inside ethernet network
      and wireless clients
The only place where inbound controls could be placed over the _entire_
house LAN is at the far end of the DSL line, which I obviously don't
control. So, each system, e.g., my wife's deirdre.org box and my
linuxmafia.com one, is responsible for its own security -- which I
choose to implement by just not running any network service I'm not
willing to expose to public contact.
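The "know what's running" posture above depends on periodically checking which listeners a host actually exposes. Here is an added example (not from Rick's post) that does that check: it reads `ss -Hltn`-style output (assumed available on a modern Linux host; a constructed sample is embedded so it runs offline), skips loopback-only sockets, and reports any listener not in an assumed allowlist of ports the host is meant to expose.

```shell
#!/bin/sh
# Added example: audit exposed TCP listeners against an allowlist.
# Constructed sample of `ss -Hltn` output
# (State Recv-Q Send-Q Local:Port Peer:Port); not a real host's output.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:5900 [::]:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*'

# Assumed policy: only ssh and http are meant to be reachable from off-host.
ALLOWED_PORTS="22 80"

# Reads ss-style lines on stdin; prints one line per listener that is
# reachable from off-host and not in ALLOWED_PORTS. Returns 1 if any found.
unexpected_listeners() {
    found=0
    while read -r state rq sq laddr peer; do
        [ "$state" = "LISTEN" ] || continue
        addr=${laddr%:*}      # strip ":port"; also handles "[::]:5900"
        port=${laddr##*:}
        # Loopback-only sockets are not exposed to the LAN or the Internet.
        case "$addr" in
            127.*|"[::1]") continue ;;
        esac
        ok=0
        for p in $ALLOWED_PORTS; do
            [ "$p" = "$port" ] && ok=1
        done
        if [ "$ok" -eq 0 ]; then
            echo "unexpected listener: $addr port $port"
            found=1
        fi
    done
    return "$found"
}

# Number of findings over the constructed sample (for checking the logic).
audit_sample_count() {
    printf '%s\n' "$SAMPLE_SS" | unexpected_listeners | wc -l | tr -d ' '
}

# Demo run over the sample; on a live host use:  ss -Hltn | unexpected_listeners
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners || echo "review the listeners above"
```

Port 25 bound to 127.0.0.1 is skipped as local-only; 5900 and 6000 are flagged because they listen on all interfaces but are not in the allowlist.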