iB::Topic::Why not enable firewall by default?

	Damn Small Linux :: Damn Small Linux Board The DSL Forums

» Welcome Guest
[ Log In :: Register ]

Damn Small Linux Board » Damn Small Linux » Networking » Why not enable firewall by default?

		Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
		Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic

Pages: (5) </ 1 2 [3] 4 5 >/

[ Track this topic :: Email this topic :: Print this topic ]

Topic: Why not enable firewall by default?, If Windows XP SP2 can do it....

< Next Oldest | Next Newest >

roberts

Group: Members
Posts: 4983
Joined: Oct. 2003

Posted: Dec. 05 2004,18:18

To see open ports use: netstat -l

Chip
Unregistered

Posted: Dec. 05 2004,23:39

rcfirewall sounds great but does it work on a machine with only 1 nic? I am only interested in blocking access to the machine, not in creating a new, protected subnet and using DSL as a NAT firewall.

Again, something akin to what the "Windows Firewall" does should be sufficient to block all inbound TCP, UDP, and ICMP packets. I see no real reason for egress filtering either in this scenario as trojans/rootkits would not persist between restarts and this is a workstation, not a bastion server.

Chip

AwPhuch

Group: Members
Posts: 1404
Joined: April 2004

Posted: Dec. 06 2004,00:45

Quote (ke4nt1 @ Dec. 05 2004,03:57)

Quote

Oh and it is capable of making a decent little router!!!!

Oh, you MUST share. !!!

Pray Tell !!!

73
ke4nt

Quote

########################################
# -- Advanced Configuration Options -- #
########################################

# ** DO NOT ** modify anything below unless you know what you are doing!!
# See online documentation at: http://projectfiles.com/firewall/config.html

DENY_OUTBOUND=""
ALLOW_INBOUND=""
BLACKLIST=""
STATIC_INSIDE_OUTSIDE=""
PORT_FORWARDS=""
PORT_FWD_ALL="yes"
PORT_FWD_ROUTED_NETWORKS="yes"
ADDITIONAL_ROUTED_NETWORKS=""
TRUST_ROUTED_NETWORKS="yes"
SHARED_INTERNAL="yes"
FIREWALL_IP=""
TRUST_LOCAL_EXTERNAL_NETWORKS="no"
DMZ_INTERFACES=""
NAT_EXTERNAL="yes"
ADDITIONAL_NAT_INTERFACES=""
IGNORE_INTERFACES=""
LOGGING="no"
REQUIRE_EXTERNAL_CONFIG="no"

NAT = Firewall/router for internal network right?

I would still use SmoothWall though

Brian
AwPhuch

--------------
http://www.frappr.com/dsl <-- Where do you use DSL?
http://www.smoothwall.org <-- Ultimate firewall for the world!
http://boinc.mundayweb.com/one/stats.php/userID:6107 <--My BOINC stats!
./S99LinuxRevolution start

AwPhuch

Group: Members
Posts: 1404
Joined: April 2004

Posted: Dec. 06 2004,00:48

Quote (Guest @ Dec. 05 2004,18:39)

NO it will also create a stateful firewall on itself..which means nothing that didnt originate from the box itself is blocked!

So no traffic or requests out from box = nothing getting in!

Brian
AwPhuch

--------------
http://www.frappr.com/dsl <-- Where do you use DSL?
http://www.smoothwall.org <-- Ultimate firewall for the world!
http://boinc.mundayweb.com/one/stats.php/userID:6107 <--My BOINC stats!
./S99LinuxRevolution start