[Wylug-help] firewall issues

Adam Greenwood adam at greenwood-peace.org.uk
Sun Mar 19 22:07:10 GMT 2006


I've tried to cut this down to just the relevant bits and not repeat 
things (especially as John already made the main point):
> This now brings me to another question. Some windows firewalls can not 
> only block outgoing on a port basis but also on an application basis. 
> So some applications can have access to certain ports. Are there such 
> products for Linux? I'm only asking out of curiosity. I definitely 
> don't need one.

That's a very good question, since firewalling won't do what you want. 
It may be a red herring though, because if an app can see out for you, 
it can see out for the bad guys, so all they have to do to send mail is 
invoke the same mail client.

>> ... In the end locking everything down that can be locked down can't 
>> be a bad idea.
> and Lee Evans:
>> Unless you are concerned about threats on your LAN you perhaps don't 
>> need to run the firewall on the linux box at all.
>
> Do I need to run a firewall? Since I'm using a router, it's probably 
> not essential but since the installation switched it on for me and 
> it's not inconveniencing me then I don't mind.

It sounds like you don't need the firewall on the linux box, especially 
given the next point which almost certainly means your router will be up 
to the job...

> Thinking more about blocking local outgoing traffic - I'm not sure I 
> should worry about it. Since it's inconvenient to block the most 
> likely used ports for trojans then what am I gaining?

I would agree, it's not worth you trying to block outgoing traffic - in 
the original mail, I was thinking you were using the Linux box as a 
server and it didn't need to see out, in which case you could have 
configured the router/firewall to block traffic from the linux box to the 
outside world. There would have been a (very?) few situations it would 
have helped with, since it couldn't have been doing any client work that 
would have exposed it to trojans, but blocking traffic from boxes that 
don't need to see out is a "might as well".

If there were reasonably common ports you didn't need, it might be worth 
blocking them, but once you've got mail, web, ftp and irc open there's 
probably not much point.

As things stand, if you need to see the net from your box and something 
gets access, it'll probably be doing what it's doing as you, so will be 
able to see out too.

HTH,

Adam
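An added example, not part of Adam's post or the list thread: the egress
lock-down he describes for a Linux box that does not need to see out,
written as an iptables OUTPUT policy. It also shows the nearest thing
Linux iptables offers to the per-application rules the original question
asked about, the `owner` match, which keys on the UID/GID that owns the
sending socket rather than on the program binary, so it only helps if the
allowed program runs as a dedicated account. The LAN range, the router
address and the `mail` account name are hypothetical; the script prints
the rules by default and only applies them when run as root with `apply`.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post).
# Egress policy for a Linux box that should not "see out", plus an
# `-m owner` rule as the Linux analogue of per-application filtering.
# Hypothetical values: LAN is 192.168.1.0/24; the only process allowed to
# send mail runs as the local account "mail".
LAN_NET="${LAN_NET:-192.168.1.0/24}"
MAIL_USER="${MAIL_USER:-mail}"

# Print the rule set rather than applying it, so it can be reviewed and
# tested without root. Order matters: the owner match is only valid in
# the OUTPUT chain (locally generated packets), which is all we touch.
egress_rules() {
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d $LAN_NET -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner $MAIL_USER -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix "egress-drop: " --log-level 4
EOF
}

# Number of iptables commands in the generated policy (handy for a sanity
# check before applying).
rule_count() {
    egress_rules | grep -c '^iptables'
}

# Apply the policy. Refuses to run unless root; if you do this over SSH
# from the LAN, the "-d $LAN_NET" rule is what keeps your session alive.
apply_egress_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "must be root to apply" >&2; return 1; }
    egress_rules | sh -e
}

# Usage: ./egress.sh        -> print the rules
#        ./egress.sh apply  -> apply them (root only)
case "${1:-}" in
    apply) apply_egress_rules ;;
    *) egress_rules ;;
esac
```

Note what this does and does not buy you: a trojan running as your own
login still matches none of the allow rules here, but anything that runs
as `mail` (or as root, which can become `mail`) gets out on port 25, and
everything the box legitimately needs (web, ftp, irc) would each need its
own ACCEPT line, which is exactly the "once you've got mail, web, ftp and
irc open there's probably not much point" trade-off above. Logging the
drops is still worth it on a server: an unexpected `egress-drop:` line is
a cheap compromise indicator.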
