Gentoo Archives: gentoo-security

From: Mickey Mullin <mickey@×××××××××.us>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 03:29:11
In Reply to: Re: [gentoo-security] firewall suggestions? by Mark Hurst
Mark Hurst wrote:
> It's much better to have a firewall than just have ports not open. Even > though a port is not open it can reveal the presence of your machine by > the manner in which the IP stack responds to a connection attempt. Using a > firewall you can drop those packets, making all your closed ports > invisible.
If by "firewall," you mean an application(Process ID?)-specific Internet security tool, then you may well have identified an as-yet unfulfilled need. If you only mean to imply greater security in that connection attempts to closed ports appear invisible, then iptables aready does that. In "closing" ports, one has the option - nay one is recommended - to use the "DROP" target which has the desired effect of which you speak. (Unwanted packets are simply and silently dropped upon the proverbial floor.) There are, of course, cases where using, say, "REJECT" may be prefered - most notably if one is using one's Linux box to do some true grit routing (as when using multiple Internet service providers). In those cases, if a neighboring router is trying to pass packets *through* one's area, one wants to let one's neighbor know as soon as possible that it should look elsewhere. dreamwolf -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] firewall suggestions? "Thomas T. Veldhouse" <veldy@×××××.net>