anti virus
Leigh Honeywell
leigh at hypatia.ca
Wed Sep 23 17:54:34 UTC 2009
On Wed, Sep 23, 2009 at 01:49:57PM -0400, David Curtis wrote:
> I stand by the quotes, Iptables and other parts of the packet filtering
> framework (netfilter) are used to _build_ enterprise-class firewalls.
> It's not a firewall in and of itself. I use the quotes to indicate
> that as far as us users are concerned iptables is the interface that
> applies our rulesets and generally the only part of netfilter we need be
> concerned with. Therefore, for simplicity's sake, let's call it the
> 'firewall' as opposed to a GUI. But truly, it's the machine, hardware
> and software, that is the firewall.
It's indeed entirely reasonable to not worry about firewalls on the
average Linux desktop, IMO. nmap yourself from another machine to see
if any ports are open; if there are any, turn off the services opening
them if they aren't needed.

If you want to be really paranoid though, you'll want to set egress
(outgoing) filtering rules... and that's where something like gufw comes
in handy.

-Leigh
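
Added example, not part of the original message: one way to act on the self-scan described above is to feed nmap's grepable output (-oG) through a small filter that lists open ports you did not intend to expose. The function names are hypothetical, and the scan data is a constructed sample using documentation addresses.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; the scan data is constructed.
# Real use, from a second machine:  nmap -oG - <desktop-ip> | unexpected_ports 22/tcp

# Constructed stand-in for `nmap -oG -` output (tab-separated fields).
sample_scan() {
  printf '# constructed sample, not a real scan\n'
  printf 'Host: 192.0.2.10 (desktop.example)\tStatus: Up\n'
  printf 'Host: 192.0.2.10 (desktop.example)\tPorts: %s\tIgnored State: closed (996)\n' \
    '22/open/tcp//ssh///, 80/closed/tcp//http///, 631/open/tcp//ipp///, 5353/open|filtered/udp//zeroconf///'
}

# Print "host port/proto service" for every port nmap reported as open.
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); host = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), entries, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/...
          split(entries[j], f, "/")
          if (f[2] == "open")
            printf "%s %s/%s %s\n", host, f[1], f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }'
}

# Print open ports that are not in the list of intended ones (arguments).
unexpected_ports() {
  local allowed=" $* "
  open_ports | while read -r host port service; do
    case "$allowed" in
      *" $port "*) ;;                        # intended to be reachable
      *) echo "$host $port $service" ;;      # candidate service to turn off
    esac
  done
}

sample_scan | unexpected_ports 22/tcp
```

Only ports in the exact state "open" are reported; "open|filtered" results (common for UDP) are left out and need a closer look by hand.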
More information about the ubuntu-ca mailing list