On Thu, Feb 01, 2007 at 07:32:01AM -0500, Marc D Ronell wrote: > > Hi, > > Thanks for all of the suggestions. Isn't there a *default* firewall > install when you setup a basic version of etch? If I didn't > specifically install a firewall, does that mean that there is > currently no firewall setup? >
There is no "firewall" and you seem to be using it in the Windows sense. In debian (and other *n*x) there isn't necessarily a *need* for a firewall. A firewall on a standalone computer does one thing: blocks outside access to any open ports on the machine. If there are no open ports, or if the open ports are properly secured, then there is no need for a firewall. In the windows world there are many default insecure ports that need protection. Not so true in debian. That said, a firewall certainly won't hurt. Look at what services you need to have access to from the outside world and how someone might gain access to them to determine what you need. If you have no need to get at the machine from the outside world, then make sure all those things (ssh, ftp, http, whatever) are turned off (many are off by default). If you want the added assurance of having iptables DROP or DENY packets then by all means set up shorewall. > I am happy to write and work with iptables using a script from > /etc/init.d, but I thought etch might have a *default* firewall > pre-configured? Maybe not? :). > you might get more pointed assistance if you provide details as to what you are really after here. What is this machine used for? how is it connected to the net? etc.etc. A
signature.asc
Description: Digital signature
