[ILUG] Am I being persecuted?
Aidan Delaney
adelaney at cs.may.ie
Tue Oct 19 14:02:34 IST 2004
On Tue, 2004-10-19 at 13:37 +0100, Timothy Murphy wrote:
> On Tuesday 19 October 2004 13:12, Barry O'Donovan wrote:
>
> > > Will they be able to get past my filewall?
> > > (I'm running the standard shorewall setup.)
> >
> > If you have those log messages they already are past your firewall.
> > Either it's not running, it's not configured properly or you've
> > configured it to allow SSH access through.
>
> That is what I thought.
> However, I just followed the model in the shorewall "two-interfaces" setup.
My personal theory on this is that if I'M not running any services (eg:
httpd or sshd or cupsd) on a public interface (localhost is ok) then I
don't need a firewall. My reason is that if there are no services
running then having a firewall is just running a service that could be
compromised. I may be wrong, but I'm sure I'll be corrected if I am :)
One of the beautiful things about Linux is that you can turn off
services.
--
Aidan Delaney email: adelaney at cs.may.ie
web: http://www.cs.may.ie/~adelaney
gpg: http://www.cs.may.ie/~adelaney/public_key.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.linux.ie/pipermail/ilug/attachments/20041019/d2619e08/attachment.pgp
More information about the ILUG
mailing list