About my Firewall Settings - I would like an opinion
Sam Kuper
sam.kuper at uclmail.net
Mon Nov 10 19:32:53 UTC 2008
2008/11/10 Manuel Gomez <mgdpz1 at gmail.com>
> Hi, I would like to read opinions about my firewall settings:
> I am using Iptables with Shorewall (frontend) and my configuration is:
> - Default Policy: REJECT all connections.
> - Rules: Allow DNS (my DNS servers), allow http and https connections for
> servers: www.google.es, ...
> So, nobody except these servers can connect with me (inbound and outbound).
> Is this type of configuration secure? How could they attack me?
By using REJECT instead of DROP, you have no stealth. This means you can be
port-scanned to look for weaknesses, e.g. unpatched OpenSSH vulnerabilities,
etc.