On Sat, August 29, 2015 1:39 pm, Reco wrote:
> Something like this should save you from the most troubles provided
> that you don't plan to use your laptop as a print server or NFS:

I am not sure how "print server" is defined. I installed CUPS so that I can print to a laser printer in my home network. And if my client gives me a URL which I view on the laptop, it would be nice to be able to bookmark the URL and, once I am back home, bring up and print the web page directly from the laptop. As to NFS, I had to search with Google to find the definition. No, on the laptop and in my LAN the only drives accessed are internal, formatted with ext4, and an external USB.

> iptables -P INPUT DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -p icmp -j ACCEPT
> iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
> iptables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED \
>     -j ACCEPT
> iptables -A INPUT -p udp -m conntrack --ctstate RELATED,ESTABLISHED \
>     -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p udp --dport 123 -j ACCEPT
>
> iptables -P FORWARD DROP
>
> ip6tables -P INPUT DROP
> ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
> ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
> ip6tables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED \
>     -j ACCEPT
> ip6tables -A INPUT -p udp -m conntrack --ctstate RELATED,ESTABLISHED \
>     -j ACCEPT
> ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
> ip6tables -A INPUT -p udp --dport 123 -j ACCEPT
>
> ip6tables -P FORWARD DROP
>
>
> Of course, it's *very* simplistic set of rules (for example, someone
> may consider accepting ssh connections from arbitrary hosts a bad idea),
> but it should work.

And I thank you.

> Two things I'm unsure of are:
>
> 1) Avahi's udp 5353. I don't see any value in mDNS (especially in office
> network), but YMMV.

I have been running Debian for thirteen years, but I know absolutely nothing about avahi. It must have been installed by default, or else, perhaps as a dependency of some other package.

> 2) Whatever thing you're listening for on tcp 9999 with inetd.

Ah! 9999 is the port used by the approx server.
Months ago I had to install Debian on a system in another location which had a substandard DSL connection. And whenever I do a Debian netinst, I always use approx, "just in case". So that is why I installed approx on the laptop.

RLH
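
An added example, not part of either message: a small shell check that compares a machine's listening sockets with the two ports the quoted ruleset opens (tcp 22, udp 123) and lists the network-facing listeners that new inbound connections could no longer reach. The function names and the sample `ss -tuln` output are constructed for illustration; the sample places CUPS on loopback port 631 and reuses the thread's udp 5353 and tcp 9999.

```shell
#!/bin/sh
# Ports the quoted ruleset opens to NEW inbound connections.
ALLOWED="tcp/22 udp/123"

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:9999       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      5      [::1]:631          [::]:*
EOF
}

# Reads `ss -tuln` output on stdin and prints "proto/port" for every
# listener bound to a non-loopback address that the rules do not open.
blocked_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            addr = $5; port = $5
            sub(/:[^:]*$/, "", addr)   # drop the trailing ":port"
            sub(/^.*:/, "", port)      # keep only the text after the last colon
            # Loopback-bound sockets are never reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            key = $1 "/" port
            if (!(key in ok) && !seen[key]++) print key
        }' | sort
}

# Demo on the constructed sample; on a live host use: ss -tuln | blocked_listeners
sample_ss | blocked_listeners
```

Each port it prints is a service to either open deliberately with its own `--dport` rule or stop listening on the network.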