On Saturday 29 August 2015 15:05:57 rlhar...@oplink.net wrote:
> On Sat, August 29, 2015 1:39 pm, Reco wrote:
> > Something like this should save you from the most troubles provided
> > that you don't plan to use your laptop as a print server or NFS:
>
> I am not sure how "print server" is defined. I installed CUPS so that
> I can print to a laser printer in my home network. And if my client
> gives me a URL which I view on the laptop, it would be nice to be able
> to bookmark the URL and, once I am back home, bring up and print the
> web page directly from the laptop.
>
> As to NSF, I had to search with google to find the definition. No, on
> the laptop and in my LAN the only drives accessed are internal,
> formatted with ext4, and an external USB.

NSF is incorrect, it's NFS, aka Network File System.

> > iptables -P INPUT DROP
> > iptables -A INPUT -i lo -j ACCEPT
> > iptables -A INPUT -p icmp -j ACCEPT
> > iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
> > iptables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED \
> >   -j ACCEPT
> > iptables -A INPUT -p udp -m conntrack --ctstate RELATED,ESTABLISHED \
> >   -j ACCEPT
> > iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> > iptables -A INPUT -p udp --dport 123 -j ACCEPT
> >
> > iptables -P FORWARD DROP
> >
> > ip6tables -P INPUT DROP
> > ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
> > ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
> > ip6tables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED \
> >   -j ACCEPT
> > ip6tables -A INPUT -p udp -m conntrack --ctstate RELATED,ESTABLISHED \
> >   -j ACCEPT
> > ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
> > ip6tables -A INPUT -p udp --dport 123 -j ACCEPT
> >
> > ip6tables -P FORWARD DROP
> >
> >
> > Of course, it's *very* simplistic set of rules (for example, someone
> > may consider accepting ssh connections from arbitrary hosts a bad
> > idea), but it should work.
>
> And I thank you.
>
> > Two things I'm unsure of are:
> >
> > 1) Avahi's udp 5353. I don't see any value in mDNS (especially in
> > office network), but YMMV.
>
> I have been running Debian for thirteen years, but I know absolutely
> nothing about avahi. It must have been installed by default, or else,
> perhaps as a dependency of some other package.
>
> > 2) Whatever thing you're listening for on tcp 9999 with inetd.
>
> Ah! 9999 is the port used by the approx server. Months ago I had to
> install Debian on a system in another location which had a substandard
> DSL connection. And whenever I do a Debian netinst, I always use
> approx, "just in case". So that is why I installed approx on the
> laptop.
>
> RLH

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
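
Added example (not part of the original messages and not code from anyone in the thread): a small Python model of the quoted IPv4 INPUT chain that reports, for a new inbound connection on a non-loopback interface, which of the listeners discussed in the thread the rules admit. The interface name eth0 and CUPS port 631 are assumptions, and only the match options that appear in the quoted rules are modelled.

```python
import shlex

# Reco's IPv4 INPUT rules as quoted above (continuation lines joined).
RULES = """\
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 123 -j ACCEPT
"""

# Listeners named in the thread. 5353 and 9999 are from the message;
# 631 is the standard CUPS/IPP port, assumed here for the CUPS install.
SERVICES = {"ssh": ("tcp", 22), "ntp": ("udp", 123), "cups": ("tcp", 631),
            "avahi-mdns": ("udp", 5353), "approx": ("tcp", 9999)}

def parse(text):
    """Return (policy, rules) for INPUT; every option used above takes one argument."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[1:3] == ["-P", "INPUT"]:
            policy = tok[3]
        elif tok[1:3] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[3::2], tok[4::2])))
    return policy, rules

def verdict(policy, rules, iface, proto, dport, state="NEW"):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        if ("-i" in r and r["-i"] != iface) or ("-p" in r and r["-p"] != proto):
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--ctstate" in r and state not in r["--ctstate"].split(","):
            continue
        return r["-j"]
    return policy

def audit(iface="eth0"):  # "eth0" is a placeholder interface name
    policy, rules = parse(RULES)
    return {name: verdict(policy, rules, iface, proto, port)
            for name, (proto, port) in SERVICES.items()}

if __name__ == "__main__":
    print(audit())
```

With the rules as quoted, new connections from other hosts reach only ssh and ntp; CUPS, mDNS and approx fall through to the DROP policy, while the same ports stay reachable over the loopback interface.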