Re: [opensuse] Re: ssh problems SOLVED: Thank you
On Thursday, 28 April 2016 10:32:13 CEST, you wrote:
On Thursday, 28 April 2016 10:05:23 GMT, Vojtěch Zeisek wrote:
On Thursday, 28 April 2016 10:02:14 CEST, Wolfgang Mueller wrote:
[...] it was the SuSE firewall that caused the problems. Having stopped and disabled it, everything works o.k.
Ehm, I'd rather recommend opening the SSH port and starting the firewall again...
Isn't it sufficient to rely on the firewall of my router (AVM FRITZ!Box 3270)?
I don't know this model, but I have always found cheap home routers too unreliable. If you are *sure* it is a good model with a good firewall, then OK... -- Vojtěch Zeisek, Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
Isn't it sufficient to rely on the firewall of my router (AVM FRITZ!Box 3270)?
Not at all, especially if you have WLAN enabled. And if one of your other computers on the network is compromised... Go to YaST, enable SSH in the firewall, it's very easy. jdd
On 04/28/2016 03:16 AM, jdd wrote:
Isn't it sufficient to rely on the firewall of my router (AVM FRITZ!Box 3270)?
Not at all, especially if you have WLAN enabled. And if one of your other computers on the network is compromised...
Go to YaST, enable SSH in the firewall, it's very easy.
jdd
What do you imagine this other compromised machine could do to your openSUSE if you do not have a boatload of open (listening) ports? And if you do have all those ports listening, WTF were you thinking? -- After all is said and done, more is said than done.
On 04/28/2016 02:35 AM, Vojtěch Zeisek wrote:
On Thursday, 28 April 2016 10:32:13 CEST, you wrote:
On Thursday, 28 April 2016 10:05:23 GMT, Vojtěch Zeisek wrote:
On Thursday, 28 April 2016 10:02:14 CEST, Wolfgang Mueller wrote:
[...] it was the SuSE firewall that caused the problems. Having stopped and disabled it, everything works o.k.
Ehm, I'd rather recommend opening the SSH port and starting the firewall again...
Isn't it sufficient to rely on the firewall of my router (AVM FRITZ!Box 3270)?
I don't know this model, but I have always found cheap home routers too unreliable. If you are *sure* it is a good model with a good firewall, then OK...
Well, to throw more fuel on this fire..... Caveat: openSUSE used to install with virtually no ports listening, and was very secure. This has changed somewhat, becoming slightly more like Windows, and one has to use netstat -anp occasionally to see which ports are listening. But in general: if the system is not listening on an external interface/port then there is no reason to firewall it. The port isn't open, no traffic can pass. Adding a software firewall on the same machine (not an upstream router) offers no real protection beyond what you already had with a closed port. -- After all is said and done, more is said than done.
On 2016-04-28 19:14, John Andersen wrote:
On 04/28/2016 02:35 AM, Vojtěch Zeisek wrote:
On Thursday, 28 April 2016 10:32:13 CEST, you wrote:
Adding a software firewall on the same machine (not an upstream router) offers no real protection beyond what you already had with a closed port.
No; I think it is far easier to control "leaks" in the firewall than checking what ports might be listening, which, after all, can change. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-04-28 19:14, John Andersen wrote:
On 04/28/2016 02:35 AM, Vojtěch Zeisek wrote:
On Thursday, 28 April 2016 10:32:13 CEST, you wrote:
Adding a software firewall on the same machine (not an upstream router) offers no real protection beyond what you already had with a closed port.
No; I think it is far easier to control "leaks" in the firewall than checking what ports might be listening, which, after all, can change.
Yes, I agree, open ports have to be controlled in the firewall precisely because of that. Default to "all closed", then you open as needed. Standard practice. -- Per Jessen, Zürich (4.3°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
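Added example (not written by any participant in this thread): a Python sketch of the check the thread argues about. It reads `netstat -anp`-style output, lists sockets listening on non-loopback addresses, and reports any that are not on an intended-open list. The sample output, the `ALLOWED` set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `netstat -anp` (not from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      987/cupsd
tcp        0      0 192.168.178.20:22       192.168.178.31:50514    ESTABLISHED 2201/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1100/master
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1500/avahi-daemon
udp        0      0 127.0.0.1:323           0.0.0.0:*                           800/chronyd
"""

# Assumption: the services this host is meant to offer (what you would open in the firewall).
ALLOWED = {("tcp", 22)}

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: count it as reachable, to be safe

def external_listeners(netstat_text):
    """Sorted (proto, port, program) for sockets accepting traffic off-loopback."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        proto = f[0].rstrip("6")            # fold tcp6/udp6 into tcp/udp
        if proto == "tcp":
            if len(f) < 6 or f[5] != "LISTEN":
                continue
            prog = " ".join(f[6:])
        else:
            if not f[4].endswith(":*"):     # UDP has no state; unconnected = listening
                continue
            prog = " ".join(f[5:])
        host, _, port = f[3].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue
        name = prog.split("/", 1)[1] if "/" in prog else "-"
        found.add((proto, int(port), name))
    return sorted(found)

def unexpected(netstat_text, allowed):
    """Off-loopback listeners whose (proto, port) is not on the allowed list."""
    return [e for e in external_listeners(netstat_text) if e[:2] not in allowed]

if __name__ == "__main__":
    for proto, port, name in unexpected(SAMPLE, ALLOWED):
        print(f"not on allowed list: {proto}/{port} ({name})")
```

Run periodically against live output, this catches the case raised in the thread where the set of listening ports changes after the last manual check.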