listen at alexander.skwar.name
Sun Sep 3 14:54:28 UTC 2006
· Gabriel M Dragffy <dragffy at yandex.ru>:
> If you want your machine to be invisible by dropping all packets
> instead of rekecting them,
By doing so, your machine is *VERY* visible. There's no such
thing as an invisible machine on the Internet.
Dropping packages is close to never a good suggestion. Rejecting
packages might be worthwhile, though. But for this, a packet
filter isn't needed.
> I recommend firehol. Install it and edit
> firehol.conf. You probably want something like:
> interface eth+ internet
> client all accept
> protection strong 10/sec 10
> policy deny
> server shh accept
> and that's it, it'll keep you ssh open to the outside world.
Hm - the same can be gained by not opening any ports in the
first place. And the less software used, the better.
The wonderful thing about a dancing bear is not how well he dances,
but that he dances at all.
More information about the ubuntu-users