
Re: [Sheflug] Firewall stuff





> 
> I recently found out that Slackware's default configuration is allow 
> all for incoming connections. This for a multi-use firewall box isn't 
> a brilliant state of affairs, as if you want some files available to the 
> internal LAN, they are automatically shared via the external net as 
> well.
> 

<snip lots>


Hmm...well apart from the post having some obscure characters in it (ASCII > 
127 -- it looks like the lower left corner of one of the box-chars, and no it 
isn't a capital L), this sounds like basic TCP wrappers.

It won't stop httpd requests [unless running httpd from inetd]
It won't stop smbd/nmbd requests [unless running smbd from inetd]
It won't stop DNS requests
It won't stop anyone connecting to your X server
It won't stop anything else running as a standalone daemon *unless* that 
daemon has TCP wrappers support built in.

Also, why do people still use hosts.deny? It's much easier to do away with 
that and stick with hosts.allow and the TCP wrapper extensions that give the 
ALLOW and DENY keywords. "man 5 hosts_options" for more on them - very 
flexible... :)

It's fine as a basic block if you aren't doing much. Better to stick a 
firewall on to stop all the standalone daemons.

Chris...


-- 
Chris Johnson            \  "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/   ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000   \______


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
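
An added example, not part of the original message: a simplified Python model of how TCP wrappers evaluates a hosts.allow-only policy that uses the ALLOW and DENY keywords mentioned above. The rule set, daemon names, addresses and function names are constructed for illustration, and only a subset of the hosts_access(5) client patterns is modelled (ALL, address prefix, net/mask, exact address; no EXCEPT, hostnames or IPv6).

```python
import ipaddress

# Constructed sample policy (not from the original post): one hosts.allow file,
# no hosts.deny, using the hosts_options ALLOW/DENY keywords.
SAMPLE_HOSTS_ALLOW = """\
# internal LAN may use the inetd-launched file services
in.ftpd, in.tftpd : 192.168.1. : ALLOW
# one admin network may reach sshd (assumed built with TCP wrappers support)
sshd : 10.0.0.0/255.255.255.0 : ALLOW
# explicit catch-all: without it, an unmatched request is granted
ALL : ALL : DENY
"""

def _client_matches(pattern, addr):
    """Subset of client patterns: ALL, 'n.n.n.' prefix, net/mask, exact address."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr

def _split(field):
    # Lists are separated by blanks and/or commas.
    return field.replace(",", " ").split()

def decide(rules_text, daemon, addr):
    """Return 'allow' or 'deny' for (daemon, client address); first matching rule wins."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons, clients, options = _split(fields[0]), _split(fields[1]), fields[2:]
        if not any(d.upper() == "ALL" or d.lower() == daemon.lower() for d in daemons):
            continue
        if not any(_client_matches(c, addr) for c in clients):
            continue
        # A hosts.allow match grants access unless the rule ends in DENY.
        return "deny" if options and options[-1].lower() == "deny" else "allow"
    # No rule matched and there is no hosts.deny: TCP wrappers grants access.
    return "allow"
```

The model only describes connections that actually pass through the wrapper; a standalone daemon without TCP wrappers support never consults this file, which is why the message recommends a packet filter in front.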