open ports

Alexander Skwar listen at
Sun Sep 3 14:54:28 UTC 2006

ยท Gabriel M Dragffy <dragffy at>:

> If you want your machine to be invisible by dropping all packets
> instead of rekecting them,

By doing so, your machine is *VERY* visible. There's no such
thing as an invisible machine on the Internet.

Dropping packages is close to never a good suggestion. Rejecting
packages might be worthwhile, though. But for this, a packet
filter isn't needed.

> I recommend firehol. Install it and edit 
> firehol.conf. You probably want something like:
> interface eth+ internet
>       client all accept
>       protection strong 10/sec 10
>       policy deny
>       server shh accept
> and that's it, it'll keep you ssh open to the outside world.

Hm - the same can be gained by not opening any ports in the
first place. And the less software used, the better.

Alexander Skwar
The wonderful thing about a dancing bear is not how well he dances,
but that he dances at all.

More information about the ubuntu-users mailing list