* Roberto Sanchez ([EMAIL PROTECTED]) [030215 12:51]:
>
> I am planning on getting DSL in the near future, so I have been considering
> what to do about a firewall.
>
> My intended setup is like this:
>
> www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN
>
> However, I would still like to have a firewall on each individual machine.
> I downloaded firestarter on one machine and played around with it some.
> But I'm not sure if that is the best tool. I basically want to block all
> incoming traffic except for SSH and DHCP (so I can get an IP address from
> the router). This setup seemed pretty easy with the little wizard that is
> included. I also need to be able to print across my local network.
>
> I tried out several services (telnet, ftp, and http) and it blocked those
> requests, but I am not sure how indicative that is of the security level.
> I also tried ssh and that worked fine.
>
> Any advice would be appreciated.

Generally speaking, for a home user, being behind a NAT/firewall (the DSL router in your case) is sufficient. Taking the extra step of a firewall on each machine is fine, though.

In order to see what is really going on, I'd suggest looking at the output of 'iptables -nvL', and asking for help interpreting it if you don't fully understand.

good times,
Vineet
--
http://www.doorstop.net/
--
One nation, indivisible, with equality, liberty, and justice for all.
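
The reply above suggests reading the output of 'iptables -nvL'. As an added example (not part of the original thread), this Python script checks the INPUT chain of such a listing against the policy stated in the question: default deny, with only SSH and DHCP accepted. The sample listing is constructed, and the allow-list and the function name `audit_input` are assumptions made for illustration.

```python
import re

# Constructed sample of `iptables -nvL` output (not taken from the thread).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  340 41234 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    1   328 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

# Assumed allow-list from the question: inbound SSH and DHCP client replies.
ALLOWED = {("tcp", "22"), ("udp", "68")}

def audit_input(listing, allowed=ALLOWED):
    """Return findings for the INPUT chain of an `iptables -nvL` listing."""
    findings, chain = [], None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if head:
            chain, policy = head.groups()
            if chain == "INPUT" and policy != "DROP":
                findings.append(f"INPUT default policy is {policy}, not DROP")
            continue
        f = line.split()
        # Rule rows start with a packet counter; skip headers and other chains.
        if chain != "INPUT" or len(f) < 9 or not f[0][0].isdigit():
            continue
        target, prot, in_if, src = f[2], f[3], f[5], f[7]
        extra = " ".join(f[9:])
        if target != "ACCEPT":
            continue
        port = re.search(r"\bdpts?:(\S+)", extra)
        if port:
            if (prot, port.group(1)) not in allowed:
                findings.append(f"unexpected ACCEPT for {prot}/{port.group(1)}")
        elif in_if != "lo" and "ESTABLISHED" not in extra:
            # No single-port match (includes multiport rules): review by hand.
            findings.append(f"ACCEPT without a port match: {prot} from {src}")
    return findings

if __name__ == "__main__":
    for finding in audit_input(SAMPLE):
        print(finding)
```

On a live machine the listing would come from running 'iptables -nvL' as root and passing its text to `audit_input`.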