Ip tables and NAT
Derek Broughton
news at pointerstop.ca
Sat Feb 25 19:32:51 UTC 2006
Alan McKinnon wrote:

> I've seen many valid iptables setups running on gateways and routers.
> I've never yet seen such a thing on a workstation, regardless of what
> the user believes. Every case has been much work for no additional
> *real* benefit. Which raises the question: why do it at all then?

imo, you answered that question in another thread. You said that:

> The far better solution is a tool
> that displays running programs and which ports they have opened.

Since I haven't found such a thing, I count on iptables to prevent running
software from opening ports I don't know about. If you know of anything
that does what you want, tell us. It's not good enough just to run netstat
- it needs to be able to tell me when something starts to use a port &
learn and remember what ports should be open _in both directions_. Like
certain Windows products...

Also, this discussion has focused on whether you need a firewall to stop
people outside your machine accessing open ports - that's only half of a
firewall's job. It needs to prevent outgoing access. afaict, the only way
I could prevent that would be with iptables.
--
derek
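
The check asked for in the message above (notice when something starts using a port, against a remembered set, in both directions), as an added example that is not part of the original post. It assumes the Linux IPv4 `/proc/net/tcp` layout on a little-endian host; the sample table, the baseline sets and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp layout (IPv4); not from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1
   3: 0A00000A:C350 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
   4: 0A00000A:0016 0500000A:D431 01 00000000:00000000 00:00000000 00000000     0        0 55555 1
"""
# Hypothetical remembered state: what this machine is expected to do.
BASELINE_LISTEN = {("127.0.0.1", 631), ("0.0.0.0", 22)}
BASELINE_OUTBOUND = set()

def decode(endpoint):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host."""
    addr_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def snapshot(table_text):
    """Return (listening local endpoints, remote endpoints of outbound connections)."""
    rows = [line.split() for line in table_text.splitlines()[1:]]  # skip header row
    rows = [r for r in rows if len(r) >= 4]
    listening = {decode(r[1]) for r in rows if r[3] == "0A"}       # 0A = LISTEN
    served_ports = {port for _, port in listening}
    outbound = set()
    for r in rows:
        if r[3] != "01":                                           # 01 = ESTABLISHED
            continue
        # A connection on a port we listen on was accepted, not initiated by us.
        if decode(r[1])[1] not in served_ports:
            outbound.add(decode(r[2]))
    return listening, outbound

def unexpected(table_text):
    """Endpoints present now that are absent from the remembered baseline."""
    listening, outbound = snapshot(table_text)
    return sorted(listening - BASELINE_LISTEN), sorted(outbound - BASELINE_OUTBOUND)

if __name__ == "__main__":
    new_listen, new_out = unexpected(SAMPLE)
    print("new listeners:", new_listen)
    print("new outbound :", new_out)
```

This only reports; it blocks nothing, and naming the owning program would additionally require matching the inode column against the `socket:[inode]` links under `/proc/<pid>/fd`.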