If you don't run any server, why do you need a firewall?
I can't seem to get a firewall going. I've tried Bastille, Shorewall, Firestarter and Guarddog. Best I can get is a solid wall. Nothing in or out.
Tried Webmin with and without Shorewall modules.
I'm using 2.6.5 on Knoppix/Debian.
Using PPPoE to my ADSL provider. IP provided by DHCP.
ISPs DNS is 203.0.178.191.
ADSL Modem is set up as a bridge.
eth0 -> disconnected (currently only the one system)
eth1 -> ppp0 (ADSL)
http://192.168.0.1 gets me into the modem in windows but not in linux?...
It's a home system used for internet, e-mail, etc.
No servers. No need for any external access.
Can anyone help me with rules for iptables?
'IPtables for Dummies' sort of stuff...
--
Toosmoky.
Ride the Penguin...
http://toosmoky.d2.net.au
If you don't run any server, why do you need a firewall?
to keep unwanted traffic from your computer. it is advisable to have one.
i have some 10-20 pages of log/day from things atempting my computer,
ok mostly calls to known trojans... and ofcource atempts to use known vounerabilities in misc software Outlook... and |gasp| yes even linux software, an previous version of cgiemail to name one.
i regularly upgrade and patch my computer and have minimum of installed software (Debian and slackware, none above ~400Mb installed).
as number of posible security holes increase with number of programs... i keep them to minimum and have a well patched kernel with a good iptables script and two firewals beween me and the net. one linux router/firewall and one D-link (for the w-lan).
http://ww.debian.org/security/ for more on linux security (Knoppix is basicly Debian so...)
I asked 'Toosmokey' why he want's a firewall, and he is running linux, not outlook or things like that.. it is advisable to have one.
In my opinion, firewalls are the hype of the day.
Most private users don't need any server, so running a firewall is the wrong decision.
The traffic isn't away of your computer - it's on the firewall.
If you don't listen to a port, how shall your system get affected?
I don't run cgiemail and perhaps Toosmokey doesn't too.
Sorry, but I cannot find an argument in your post.
I don't start inetd automatically.
When it is started, the services are only enabled in the local net.
No need for a firewall at all, nor for an additional computer consuming power to make some noise and write funny logfiles.
And I don't need a router (with an additional firewall) too.
Cisco SG110 24 Port Gigabit Ethernet Switch w/ 2 x SFP SG110-24
$117.00
GENUINE CISCO DS-SFP-FC32G-SW SFP NEW SEALED SEE PHOTOS SHIPS FREE
$74.99
Sonicwall 02-SSC-1874 Compatible 10GBASE-T Copper SFP+ RJ-45 30M Transceiver-876
$189.05
GENUINE CISCO 25G Base Active Optical SFP cable 3M SFP-25G-AOC3M NEW SHIPS FREE
$65.99
Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03
$8.00
For Cisco SFP-10G-T, Ubiquiti UF-RJ45-10G Module 10G SFP+ to RJ45 10GBase-T
$48.59
GENUINE Cisco SFP-GE-T EXT 30-1421-01 USA 1000BASE-T RJ45 SFP Transceiver
$9.99
NEW Sealed Cisco SFP-10G-SR-S 10G SR SFP+ Module 850nmMM *US Shipping*
$15.00
LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module
$89.00
NEW Sealed Cisco SFP-10G-LR 10GBASE-LR SFP+ 1310nm 10km *US Shipping*
$18.00