securing Ubuntu and firewall

[Christian Eichert]

Tom Smith schrieb:
> I disagree...
> I guess it depends on how you define "nasty". I use Webmin, for example,
> but only want it accessible from the console. The program isn't "nasty",
> I just want to ensure that no one from anywhere other than the console
> can connect directly to it. I have other such programs that I protect in
> a similar fashion. The only two ports I have open for management are
> 5900 (encrypted VNC connection to X :0) and 22. The only other open
> ports are for services the server provides such as web or email services.

You do not needa firewall on a linux desktop.
apps who open ports need the ports and a firewall does not help.

btw modern network administrating use the folowing:
have a mailserver for exemple on the box configure procmail that if a
mail arives with a special subject from a special sender it starts ssh
from init.d
cool isn't it ;)

> The firewall acts to ensure that no ports are made publicly accessible
> without deliberately opening the port to allow access to them. If you're
> using a desktop like Gnome or KDE, too, there are many programs that
> will open ports dynamically such as networkable games.

this is not windows here we do not have activeX on linux ...

> Firewalls can also help protect against DoS attacks, 

bullshit !!! how does a firewall protects against a DoS Attack ?

> as well as other
> types of network-based attacks that are aimed at disrupting the computer.
> I think most people would agree that a firewall is a necessary feature
> to implement on any server or Internet-connected computer, as well as
> any network-connected computer if it's connected to an untrusted network

the firewall concept on linux is different than the firewall concept on
a activex systems. iptables works total different than zone alarm for
exemple. You do not need to configure iptables.

On linux it is usefull to switch pots to protect from hacking.

regards