On Sun, Sep 03, 2000 at 06:01:09AM +0200, Sebastian Ritter wrote:
> On Sat, 2 Sep 2000, Carel Fellinger wrote:
>
> > Hi,
> >
> > I'm trying to secure my system, I ran pmfirewall and some tests.
> > It seems that rpc.mountd still listens on port 1024 even on the
> > outgoing ethernet.

'''

> You can find a lot of information on how to set up Firewalls in the
> IPCHAINS-HOWTO. You can find that document under http://www.linuxdoc.org/.

I know, I'm reading it. But it takes time to fully understand it:(

> Using the firewall as a mail and news server is extremely dangerous. The
> best firewall would be a dedicated machine which ONLY acts as a
> firewall and does nothing more. I think any company that's a little bit
> nervous about security should afford that.

I'm not a company:), and I never intend to provide internet services.
Those services are for the localnet only! I want them to get denied
on the external (internet) ethernet.

I don't know yet whether that still compromises security (I've a lot of
reading to do:), so for the time being I would appreciate a verdict from
a more experienced person. Do you think that even in the above situation
local only mail/news services are a bad thing? And is that because once
you get cracked the cracker has access to your local news and mail spool?

> It seems to me that you are very new to IP security. I'd strongly advise
> you to buy external support or read lots of related books, e. g. "Building
> Internet Firewalls 2nd Edition" by O'Reilly to gain the basic
> skills. Otherwise it's very likely that you'll get cracked. ;-)

I've no money to spend on this, so I will have to read and read and read...
It's just that in the meantime I would prefer to have a safe machine:)
I understood from reading so far that as long as you don't expose any
service to the outside world you are safe, don't know for sure yet though.

-- 
greetings, carel
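An added example, not part of the original message: a way to list which listening sockets accept traffic arriving on the external address, which is the situation described for rpc.mountd on port 1024. The `netstat -tulnp` sample and both addresses (192.168.1.1 for the localnet side, 203.0.113.5 for the internet side) are constructed assumptions; the script reports what is bound, not what a packet filter in front of it still lets through.

```python
import ipaddress

# Constructed sample of `netstat -tulnp` output (not taken from the thread).
# Assumed addresses: 192.168.1.1 = localnet side, 203.0.113.5 = internet side.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:1024      0.0.0.0:*         LISTEN   412/rpc.mountd
tcp        0      0 192.168.1.1:25    0.0.0.0:*         LISTEN   530/sendmail
tcp        0      0 192.168.1.1:119   0.0.0.0:*         LISTEN   601/innd
tcp        0      0 127.0.0.1:53      0.0.0.0:*         LISTEN   300/named
tcp        0      0 203.0.113.5:4321  198.51.100.7:80   ESTABLISHED 777/wget
udp        0      0 0.0.0.0:1024      0.0.0.0:*                  412/rpc.mountd
"""

def reachable_from(netstat_text, external_ip):
    """Return sorted (proto, port, program) for sockets that accept traffic
    arriving on external_ip: bound to it directly or to the wildcard."""
    external = ipaddress.ip_address(external_ip)
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto, local, program = fields[0], fields[3], fields[-1]
        # TCP rows carry a state column; only LISTEN sockets accept new peers.
        if proto == "tcp" and fields[5] != "LISTEN":
            continue
        host, _, port = local.rpartition(":")
        addr = ipaddress.ip_address(host)
        # 0.0.0.0 means "every interface", so it includes the external one.
        if addr.is_unspecified or addr == external:
            found.add((proto, int(port), program.split("/", 1)[-1]))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, program in reachable_from(SAMPLE, "203.0.113.5"):
        print(f"{proto}/{port} {program} is reachable on the external interface")
```

In the sample, the mail and news daemons bound to the localnet address are not reported, while the wildcard-bound rpc.mountd is, so it has to be either rebound or denied on the external interface by the firewall rules.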