[Nottingham] Ubuntu/firewalls (lack of)/wine
Peter Taffs
ptaffs at btinternet.com
Tue Dec 21 21:56:23 GMT 2004
Ok, so Martin thinks the firewall is unnecessary!
I agree, but since some attacks come from unexpected places (mostly not
though), I'd like to have one installed, as I do on the OSX and Win32
boxes on the same home network, even though they are all protected from
the internet with a NATting router which turns all traffic away anyway.
The router is wireless, even with WEP and MAC white-list is still an
access point. It doesn't hurt to take precautions.
David, I think SSH is quite secure (behind a firewall and NAT router)
but you could also limit authentication to public-private Keys. Look in
ssh-keygen. Allow and deny hosts trust IP addresses, which on the
internet aren't really trust-worthy. Is that another one for
discussion?
Peter.
On 21 Dec 2004, at 20:45, David Aldred wrote:
> On Tuesday 21 Dec 2004 17:50, Martin wrote:
>> Most firewalls are very lazyly configured to let everything out and
>> anything related back in.
>>
> True: including the default Mandrake setup (as I found out when trying
> to test
> something, and getting totally unexpected results - results not
> repeatable
> from any machine other than my own).
>
> How would I actually switch that behaviour off?
>
> And on a related point, I'm confused as to how to limit ssh access to
> the
> machine. It's not a problem at the moment (it's limited to machines
> on my
> local network only by Shorewall rules), but ideally I'd like to be
> able to
> allow Peter to use ssh (and by extension scp) when he's in Cambridge.
> Is te
> best way to use hosts.allow and hosts.deny, or is there a better way?
>
> --
> David Aldred
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/nottingham
>
More information about the Nottingham
mailing list