
List Archive: gentoo-security
To: gentoo-security@g.o
From: Mickey Mullin <mickey@...>
Subject: Re: firewall suggestions?
Date: Wed, 07 Jan 2004 22:27:12 -0500
Mark Hurst wrote:
> It's much better to have a firewall than just have ports not open. Even
> though a port is not open it can reveal the presence of your machine by
> the manner in which the IP stack responds to a connection attempt. Using a
> firewall you can drop those packets, making all your closed ports
> invisible.

If by "firewall," you mean an application (Process ID?)-specific Internet
security tool, then you may well have identified an as-yet unfulfilled
need.  If you only mean to imply greater security in that connection
attempts to closed ports appear invisible, then iptables already does that.

In "closing" ports, one has the option - nay one is recommended - to use 
the "DROP" target which has the desired effect of which you speak. 
(Unwanted packets are simply and silently dropped upon the proverbial 
floor.)  There are, of course, cases where using, say, "REJECT" may be 
preferred - most notably if one is using one's Linux box to do some true
grit routing (as when using multiple Internet service providers).  In 
those cases, if a neighboring router is trying to pass packets *through* 
one's area, one wants to let one's neighbor know as soon as possible 
that it should look elsewhere.
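
The DROP-for-the-host, REJECT-for-routed-traffic split described in this message, as an added example that is not part of the original post: a shell function that emits an `iptables-restore` ruleset. The interface names (`eth0`, `eth1`), the SSH rule and the chosen `--reject-with` types are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names, the SSH rule
# and the --reject-with types are assumptions chosen for illustration.

# Print an iptables-restore ruleset: silent DROP for the box's own ports,
# explicit REJECT for traffic it refuses to route.
build_ruleset() {
    wan_if="$1"   # interface facing the Internet
    lan_if="$2"   # interface facing the networks this box routes for
    for ifname in "$wan_if" "$lan_if"; do
        case "$ifname" in
            # Refuse empty names or characters that could smuggle in rule text.
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Local ports: the DROP policy discards unmatched packets with no reply.
:INPUT DROP [0:0]
# A policy can only be ACCEPT or DROP, so refusals need explicit final rules.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${lan_if} -p tcp --dport 22 -j ACCEPT
# Routed traffic: allow the LAN out, answer everything else with an error
# so the sender fails fast instead of waiting for a timeout.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -j ACCEPT
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
-A FORWARD -j REJECT --reject-with icmp-net-unreachable
COMMIT
EOF
}

# Stand-alone use: print the ruleset for the given (or default) interfaces.
build_ruleset "${1:-eth0}" "${2:-eth1}"
```

The generated rules can be checked without loading them by piping the output to `iptables-restore --test`.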



Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
