mobility and firewall
Lance Lassetter
lance at uclinux.info
Fri Jun 3 21:18:33 CDT 2005
On Sat, 2005-06-04 at 03:47 +0200, Ivan Krstic wrote:
> Lance Lassetter wrote:
> > I beg to differ.
>
> Ugh. Please consult the headers on your outgoing messages, or check
> http://lists.ubuntu.com/archives/ubuntu-devel/2005-June/thread.html to
> verify that your messages are not getting delivered to the list, since
> you're addressing them only to me. I cannot provide help on using your
> e-mail agent properly.
>
> > I've sent all of this to the list only, i.e: 'Reply to List' in
> > Evolution.
>
> No. See above.
>
> > Anyways, thanks for your input but I still digress with your argument
> > and think a Defense in Depth approach is best.
>
> We must not be communicating well, because what you're saying doesn't
> make any sense to me. *What* would you firewall, given that there are no
> listening services? Please give me an example ruleset.
>
> If you somehow maintain that Ubuntu should ship with a default firewall
> policy that drops all inbound connections indiscriminately, then I would
> advise you to give up immediately, as such a radical measure has not
> been adopted by any distribution before (with good reason), and stands
> no chance of being adopted by Ubuntu.
>
> -IK

# Default policies: accept on INPUT and OUTPUT, never forward (this is a host, not a router)
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Let replies to connections this host opened back in
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop packets connection tracking cannot classify
iptables -A INPUT -m state --state INVALID -j DROP
# Accept new inbound TCP connections (only a SYN may start a flow)
iptables -A INPUT -p tcp --syn -m state --state NEW -j ACCEPT
# Everything else (unsolicited UDP, ICMP, other protocols): log at the default rate limit, then drop
iptables -A INPUT -m limit -j LOG
iptables -A INPUT -j DROP
Something as simple as this could help tremendously IMHO.
Lance
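The posted policy as an added example, not code from the original post or the thread: the same rules written as an iptables-restore file so the whole table is loaded in one step (no window where only the default ACCEPT policy or half the rules are in effect), plus an awk helper that summarises the lines the LOG rule writes to the kernel log. The loopback ACCEPT, the explicit rate limit and the log prefix are additions to what was posted, and the kernel log lines are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post): the posted ruleset in
# iptables-restore form, plus a summariser for the LOG rule's output.
# Additions to the posted rules: loopback ACCEPT, explicit rate limit,
# and a log prefix so the lines can be found in the kernel log.

ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp --syn -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "FW-DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Load the table atomically; needs root. Defined here, not called below.
apply_ruleset() {
    ruleset | iptables-restore
}

# Read kernel log lines on stdin and print "count SRC PROTO DPT" for each
# distinct source/protocol/destination port that hit the LOG rule, most
# frequent first. DPT is "-" for protocols without ports (e.g. ICMP).
summarize_drops() {
    awk '
    /FW-DROP:/ {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (dpt == "") dpt = "-"
        count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample lines in the format the kernel LOG target emits
# (addresses taken from the RFC 5737 documentation ranges).
SAMPLE_LOG='Jun  3 21:18:33 host kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jun  3 21:18:34 host kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jun  3 21:18:35 host kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.2 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=1'

# Offline demo on the constructed lines; to install the policy run
# apply_ruleset as root.
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

Loading through iptables-restore also makes the policy easy to keep under version control and to diff against `iptables-save` output, which is the check a practitioner wants before trusting that what is running matches what was written.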