Next message: Douglas Carmichael : "[LUNI] Anyone know sendmail rewriting rules?"
On Thu, Mar 08, 2001 at 12:01:43PM -0800, trent wrote:
> For a fairly basic, easy to use set of ipchains scripts, use
> pmfirewall. It's not the end-all-be-all but for securing the "outside"
> while leaving the "inside" open it is very effective. You answer a few
> basic questions- "Are you running a POP3 server?" and it produces the
> ipchains rules for you.
How does it approach he rules? The one thing I didn't like about Ken's plan
(maybe it's just how he described it) was that it sounds like the
whack-a-mole approach (block the problems), whereas I would advise blocking
*all* incoming connections as a default, then opening up just the ones you
need.
But the basic approach is pretty good, at least for your average home user.
There's no sane reason to expect a "professional" attack on most (at least!)
home installations, so the modest added risk of running some reasonably
secure sevices that are well-defended from outside access is probably a
reasonable compromise... unless you have an otherwise-useless old 486
machine (even a 386 will do) sitting around. :-)
-=-
Linux Users Of Northern Illinois: General Discussion Mailing list.
For unsubscription, archives, and announcements only see http://luni.org
This archive was generated by hypermail 2b29
: Thu Mar 08 2001 - 15:08:32 CST