[Gloucs] Out and about with Linux

Iain Calder iain.calder at blueyonder.co.uk
Tue Oct 28 19:07:38 GMT 2003


Paul Broadhead wrote:

>Hi folks,
>
>I'm away with work at the moment but I've taken a laptop running debian
>with me.  I'm paying an extortionate price for a very slow (high speed
>Internet connection) so I thought I'd use it to talk to you.  Anyway, I
>have a (debian ish) question and a bit of sadness to share.
>
>This laptop has always lived behind my local network firewall.  Now it's
>all on its own in the big wide world and it needs protection.  I set up a
>very basic firewall that I hope is enough.  Can any of you
>debian/iptables experts advise as to if this is enough:
>
>  iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>  iptables -A INPUT -i eth0 -j LOG
>  iptables -A INPUT -i eth0 -j DROP
>
>This appears to make me invisible but I'd be happy for advice.
>  
>
Hi Paul,

Hope you are having fun on your travels.  Your iptables rules look 
suitably restrictive to me, the only thing you might want to do is set 
the default policy to drop for the INPUT chain (although I don't think 
it would make any practical difference in your case), i.e. start with

iptables -t filter -P INPUT DROP

>Now the sadness, of the embarrassing kind:
>
>On the plane over here I couldn't resist booting the laptop.  All the
>others were using some toy operating system, but I was using our beloved
>Linux.  I wanted to download some pictures from my camera but a recent
>kernel update had changed something.  I had to edit my download script. 
>As a result I think I might form the "vi high club".  Anyone else
>already a member?
>  
>
This type of thing always seems to happen when there are toy OS users 
present.  Never mind that 99% of the time your system is running 
sweetly, there will always be a kernel/module recompile or a config 
change required when a toy OS user is watching, and then they will go 
away gleefully chuckling about having to dabble in such primitive (to 
them) practices!

Iain
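
The rules from this thread, together with the suggested default policy, written as one iptables-restore ruleset (an added example, not part of either message). The loopback ACCEPT, the log prefix and the function names are assumptions added here: with an INPUT policy of DROP, packets arriving on any interface other than eth0, including lo, are dropped unless a rule accepts them.

```shell
#!/bin/sh
# Added example: Paul's three eth0 rules plus the default-drop policy,
# expressed in iptables-restore format so the whole set loads in one step.

# Print the ruleset for one external interface (default eth0, as in the post).
build_ruleset() {
    iface="${1:-eth0}"
    # Refuse anything that is not a plain interface name, so the value
    # cannot smuggle extra options or lines into the ruleset.
    case "$iface" in
        *[!A-Za-z0-9_.:-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    # FORWARD and OUTPUT keep the kernel default (ACCEPT); only INPUT changes.
    # The lo rule is an assumption: without it the DROP policy would also
    # discard local traffic, because the other rules only match $iface.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -j LOG --log-prefix "INPUT-drop "
-A INPUT -i $iface -j DROP
COMMIT
EOF
}

# Load the ruleset (needs root). With "check" as second argument the
# ruleset is only parsed and validated, not committed to the kernel.
apply_ruleset() {
    mode="${2:-load}"
    rules=$(build_ruleset "$1") || return 1
    if [ "$mode" = check ]; then
        printf '%s\n' "$rules" | iptables-restore --test
    else
        printf '%s\n' "$rules" | iptables-restore
    fi
}
```

Run `build_ruleset eth0` to inspect the generated rules before loading them with `apply_ruleset eth0`.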



