[Gloucs] Re: Out and about with Linux

Paul Broadhead lug at twinmoons.clara.co.uk
Tue Oct 28 22:56:19 GMT 2003


> > This laptop has always lived behind my local network firewall.  Now
> > it's all on its own in the big wide world and it needs protection.  I
> > set up a very basic firewall that I hope is enough.  Can any of you
> > debian/iptables experts advise as to if this is enough:
> >
> >  iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> >  iptables -A INPUT -i eth0 -j LOG
> >  iptables -A INPUT -i eth0 -j DROP
> >
> > This appears to make me invisible but I'd be happy for advice.

> Hope you are having fun on your travels.  Your iptables rules look
> suitably restrictive to me, the only thing you might want to do is set
> the default policy to drop for the INPUT chain (although I don't think
> it would make any practical difference in your case), i.e. start with
>
> iptables -t filter -P INPUT DROP

OK, thanks Iain.  I hope you're pleased I'm using debian now too!  It's
only on my laptop at the moment but I intend to convert my server and
main desktop machines as soon as I have time.  OK, that may be a little
while....

> > On the plane over here I couldn't resist booting the laptop.  All
> > the others were using some toy operating system, but I was using our
> > beloved Linux.  I wanted to download some pictures from my camera
> > but a recent kernel update had changed something.  I had to edit my
> > download script. As a result I think I might form the "vi high
> > club". Anyone else already a member?

> This type of thing always seems to happen when there are toy OS users 
> present.  Never mind that 99% of the time your system is running 
> sweetly, there will always be a kernel/module recompile or a config 
> change required when a toy OS user is watching, and then they will go 
> away gleefully chuckling about having to dabble in such primitive (to 
> them) practices!

Funny thing is I hadn't thought of that aspect.  I was quite happy to
have a proper 'primitive' thing to do.  I didn't care that anyone else
might have seen my need for a code change as a sign of a deficiency in
Linux.  I guess we get so used to tweaking things and fixing stuff we
have broken, it's second nature.  I wonder if anyone out there has ever
just installed Linux and used it as your gran might (no disrespect to
the tech savvy grans out there reading this).  One of Linux's great
strengths is that you can change and try so many different things.

Anyway, my washing should now be dry so I should say bye bye.

Regards,
Paul
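
Added example, not part of the thread: a small Python model of INPUT chain traversal (rules tried in order, LOG non-terminating, policy as the fallback) that compares the three posted rules under policy ACCEPT and policy DROP for packets arriving on different interfaces. The `ppp0` interface, the loopback accept rule and the sample packets are assumptions constructed for the illustration.

```python
# Minimal model of how the filter INPUT chain decides a packet's fate:
# rules are tried in order, ACCEPT/DROP end traversal, LOG does not,
# and the chain policy applies when no terminating rule matched.

def verdict(policy, rules, pkt):
    """Return (final_verdict, was_logged) for one packet."""
    logged = False
    for iface, states, target in rules:
        if iface is not None and iface != pkt["iface"]:
            continue                      # -i did not match
        if states is not None and pkt["state"] not in states:
            continue                      # -m state did not match
        if target == "LOG":
            logged = True                 # non-terminating target
            continue
        return target, logged
    return policy, logged

# The three rules from the thread: (in-interface, states, target)
ETH0_RULES = [
    ("eth0", {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    ("eth0", None, "LOG"),
    ("eth0", None, "DROP"),
]
# Assumption added here: accept loopback before anything else.
LO_ACCEPT = [("lo", None, "ACCEPT")]

VARIANTS = {
    "rules only, policy ACCEPT": ("ACCEPT", ETH0_RULES),
    "rules + policy DROP": ("DROP", ETH0_RULES),
    "lo accept + rules + policy DROP": ("DROP", LO_ACCEPT + ETH0_RULES),
}

# Constructed sample packets; ppp0 stands for any second interface.
PACKETS = {
    "eth0 reply": {"iface": "eth0", "state": "ESTABLISHED"},
    "eth0 unsolicited": {"iface": "eth0", "state": "NEW"},
    "ppp0 unsolicited": {"iface": "ppp0", "state": "NEW"},
    "lo local": {"iface": "lo", "state": "NEW"},
}

def table():
    """Verdict per packet for each ruleset variant."""
    return {name: {p: verdict(policy, rules, pkt)[0] for p, pkt in PACKETS.items()}
            for name, (policy, rules) in VARIANTS.items()}

if __name__ == "__main__":
    for name, row in table().items():
        print(name, row)
```

In this model the eth0 verdicts are identical in all three variants; the policy only changes what happens to packets on interfaces the rules do not name, which is why the loopback accept is paired with policy DROP.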


