On Dec 8, 2007 8:35 AM, Grant <emailgrant@×××××.com> wrote:

> I have shorewall set up on my router but I haven't set up anything
> security-wise for my laptop which normally sits behind the router.
> What should I be setting up on the laptop in preparation for traveling
> and connecting via a foreign network or even directly to the Internet?
> I don't run sshd on the laptop. I would think shorewall, but am I
> forgetting anything?
>

At the very least I'd do the following with iptables:

iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

This will make sure that there are no incoming connects except those that
you initiated.

>
> # rc-update -s
> alsasound | boot
> bootmisc | boot
> checkfs | boot
> checkroot | boot
> clock | boot
> consolefont | boot
> hald | default
> hostname | boot
> keymaps | boot
> local | default nonetwork
> localmount | boot
> metalog | default
> modules | boot
> net.eth0 | default
> net.lo | boot
> netmount | default
> ntp-client | default
> ntpd | default
> rmnologin | boot
> urandom | boot
> vixie-cron | default
> xdm | default
> xfs | default
>
> - Grant
> --
> gentoo-user@g.o mailing list
>
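
Added example, not part of the original thread: a small shell check that audits an `iptables -S` dump for the default-deny inbound setup the reply describes. The function name `audit_rules` and the sample dump are assumptions made for illustration, and the loopback and FORWARD-policy checks go beyond the four rules in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): audit an `iptables -S` dump of the
# filter table for a default-deny inbound setup on a roaming laptop.

# Constructed sample: what `iptables -S` prints after the four commands in
# the reply are run against an empty filter table.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'

# audit_rules RULES (hypothetical helper name)
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_rules() {
    rules=$1
    findings=''
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    note() { findings="${findings}$1
"; }

    # Unmatched inbound packets must be dropped by policy.
    has '^-P INPUT DROP$' || note 'INPUT policy is not DROP'
    # Replies to connections the laptop opened must be let back in.
    has '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT$' \
        || note 'no ESTABLISHED accept rule in INPUT'
    # With INPUT at DROP, new connections to 127.0.0.1 are dropped as well
    # unless the loopback interface is accepted explicitly.
    has '^-A INPUT -i lo( .*)? -j ACCEPT$' \
        || note 'no loopback accept rule in INPUT'
    # A laptop is not a router, so forwarding can be denied by policy too.
    has '^-P FORWARD DROP$' || note 'FORWARD policy is not DROP'

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Run the audit on the constructed sample when executed directly.
audit_rules "$SAMPLE_RULES" || true
```

On a live system, pass it the real ruleset as root with `audit_rules "$(iptables -S)"`.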