Clearing up some security "jargon"

Sandy Harris sandyinchina at gmail.com
Tue Jun 17 16:23:20 UTC 2008


On Tue, Jun 17, 2008 at 9:03 PM, Paul Johnson <pauljohn32 at gmail.com> wrote:

> I'm backtracking to try to understand more clearly what "ufw"
> "firestarter" and iptables do.  I've been reading so many posts and
> documents about this, and I've reached the conclusion that most people
> don't really understand what they are talking about.

Perhaps not. Anyway, you and I have quite different understandings of
what is going on, see below.

> Here's what I think is correct.
>
> 1. The kernel supplies the iptables service, which is by default,
> always ON in Ubuntu installations,

So far so good. Every Ubuntu I've looked at: 7.10 and 8.04, plain
Ubuntu and Xubuntu, did indeed have iptables.

> and it blocks incoming connections on all ports.

No. When I check with something like "sudo iptables --list", what
I see is that iptables is there but the default policies for input,
output and forwarding are to accept all packets.

It is pretty simple to block all incoming connections. There's an
example in the iptables/netfilter docs:
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-5.html

But my understanding is that Ubuntu does not do that for you.
You need to do it yourself, either manually or by using one of the
firewall add-ons.

> There is no need to "turn on" a firewall.  There is a system-wide
> firewall already.

But it does not do anything by default. You have to tell it what to do.

-- 
Sandy Harris,
Nanjing, China
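As an added example (not from Sandy's reply or the linked HOWTO): a small POSIX shell audit that reads a ruleset in `iptables -S` line format and tells "iptables is loaded" from "iptables is actually filtering inbound", which is the distinction the reply makes. Both rulesets inside it are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Audit a ruleset in "iptables -S" line format: tell "iptables is loaded"
# from "iptables is filtering", the distinction made in the reply above.

# Constructed sample: stock install as the reply describes, all policies ACCEPT.
OPEN_RULESET='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: minimal default-deny inbound ruleset in the spirit of the
# linked netfilter HOWTO (allow loopback and replies to our own connections).
CLOSED_RULESET='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Print the default policy of one built-in chain from ruleset text on stdin.
chain_policy() {
    awk -v chain="$1" '$1 == "-P" && $2 == chain { print $3; exit }'
}

# Exit 0 when the ruleset on stdin blocks unsolicited inbound connections:
# INPUT policy DROP/REJECT, or a catch-all "-A INPUT -j DROP|REJECT" rule.
inbound_blocked() {
    awk '
        $1 == "-P" && $2 == "INPUT" && ($3 == "DROP" || $3 == "REJECT") { blocked = 1 }
        $1 == "-A" && $2 == "INPUT" && NF == 4 && $3 == "-j" &&
            ($4 == "DROP" || $4 == "REJECT") { blocked = 1 }
        END { exit !blocked }
    '
}

# Print a one-line verdict for the ruleset on stdin.
audit_ruleset() {
    if inbound_blocked; then
        echo "INPUT drops unsolicited inbound connections"
    else
        echo "INPUT accepts everything: iptables is loaded but not filtering"
    fi
}

echo "stock:";    printf '%s\n' "$OPEN_RULESET"   | audit_ruleset
echo "hardened:"; printf '%s\n' "$CLOSED_RULESET" | audit_ruleset

# On a real host, as root with iptables installed, audit the live table too:
if [ "$(id -u)" = 0 ] && command -v iptables >/dev/null 2>&1; then
    iptables -S 2>/dev/null | audit_ruleset
fi
```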
