On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:

> On Sun, Jul 22, 2012 at 7:32 PM, Brian <a...@cityscape.co.uk> wrote:
> >
> > Heaven above knows why you need a firewall. These services are quite
> > capable of getting on with life without iptables being involved. So are
> > you.
>
> Just today one website I cared about failed to open, certainly it's
> under attack.
> I don't know what other people are capable of, I feel they are capable
> of doing lots of things.
> Frankly speaking I don't have much energy/channel to arm myself with some
> intense knowledge to meet some potential defense requirement
> (sometimes I read something, but mainly to forget later.).
> So the only way I can do now is to understand something very
> basic. Gradually and patiently, perhaps 10 years later,
> and I don't have some strong security feelings, if something is wrong
> with the laptop, I guess I will unavoidably freak out and at that time
> definitely some days will be wasted.

Let's take a look at what you are doing. I'll simplify it a bit but
hopefully not so much as to distort your intentions.

1. You have two TCP services which you offer on the network, ssh and a
   webserver. Other services are available to localhost only. So the
   only way the outside can communicate with your machine is through
   ports 22 and 80.

2. You use iptables to reject all connections. This effectively means
   the services on ports 22 and 80 become unavailable, which does not
   suit you.

3. You now poke two holes in the firewall to reverse what you did in 2.

Now you can consider what you have achieved. Sticking at 1. gives you
what you have at 3. In what way have you improved security on the machine?
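
The three steps above, worked through as an added example that is not part of the original post: it reads `ss -tln` output, finds the listeners bound to a non-loopback address, and compares what is reachable without a firewall to what is reachable behind a default-reject policy with two accept rules. The `ss` output is constructed to match the machine described in the message, and the function names are hypothetical.

```python
import ipaddress

# Constructed `ss -tln` output for the machine described in the message:
# ssh and a webserver on all interfaces, everything else on localhost only.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       [::1]:631           [::]:*
"""

def exposed_ports(ss_output):
    """Step 1: ports of TCP listeners bound to a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue  # localhost-only service, not reachable from outside
        ports.add(int(port))
    return ports

def reachable_with_firewall(listening, allowed):
    """Steps 2 and 3: reject everything, then accept the allowed ports.
    A port is reachable only if it is allowed and something listens on it."""
    return listening & allowed

def blocked_listeners(listening, allowed):
    """Listeners the firewall actually hides from the network."""
    return listening - allowed

if __name__ == "__main__":
    listening = exposed_ports(SS_OUTPUT)
    allowed = {22, 80}  # the two holes poked in step 3
    print("reachable without firewall:", sorted(listening))
    print("reachable with firewall:   ",
          sorted(reachable_with_firewall(listening, allowed)))
    print("listeners hidden by rules: ",
          sorted(blocked_listeners(listening, allowed)))
```

Running the same comparison on real `ss -tln` output shows whether the rule set hides any listener at all; in the scenario from the message the last set is empty.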

