* Michael C. ([EMAIL PROTECTED]) [030919 10:30]:
> In linux.debian.user, Jimmy Johansson <[EMAIL PROTECTED]> wrote:
>
> > I have set up Iptables so that I reject
> > all incoming traffic, except the traffic I have requested, because I
> > don't need incoming SSH or anything like that.
>
> While I believe it breaks something, if you're not serving the internet,
> I'd drop incoming traffic as opposed to rejecting it, that way you are
> stealth.
I'd recommend just the opposite, since as you said, it breaks "something", and if you believe you are "stealth", you're only fooling yourself. IMO, it's not worth it.

My favorite firewall configs reject TCP with RST, UDP with icmp-port-unreach, and other protocols with icmp-proto-unreach.

I think it's easier to make your firewall invisible than it is to make your host invisible. You can't disappear; the best you can do is become uninteresting (no open ports).

good times,
Vineet

--
http://www.doorstop.net/
--
Microsoft has argued that open source is bad for business, but you have to ask, "Whose business? Theirs, or yours?" --Tim O'Reilly
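The reject-based INPUT policy Vineet describes, written out as an iptables rule set (an added example, not code from the thread). It only prints the commands by default and applies them when run as root with APPLY=1; the conntrack ESTABLISHED,RELATED and INVALID rules are my assumption about how "traffic I have requested" is let back in.

```shell
#!/bin/sh
# Added example: reject rather than drop unsolicited inbound traffic.
# TCP gets a RST, UDP an ICMP port-unreachable, anything else an ICMP
# protocol-unreachable, as recommended in the reply above.

# Print the rule set, one iptables invocation per line (dry-run form).
reject_rules() {
    cat <<'EOF'
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
EOF
}
# Notes on the rules above (assumptions, not from the thread):
# - policy ACCEPT first so the flush never locks out an SSH session; the
#   catch-all REJECT rules at the end handle every unsolicited packet.
# - lo and ESTABLISHED,RELATED let replies to outbound connections in.
# - INVALID is dropped, not rejected, so malformed packets get no answer.
# - tcp-reset is only valid with -p tcp, hence the per-protocol split.

# Count rules that use a given --reject-with type (sanity check helper).
count_reject_with() {
    reject_rules | grep -c -- "--reject-with $1"
}

if [ "${APPLY:-0}" = "1" ]; then
    # Apply for real (needs root); echo each command as it runs.
    reject_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
else
    reject_rules
fi
```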