Mailinglist Archive: opensuse (4547 mails)

< Previous Next >
Re: [SLE] SMTP and incomming mail -- PROBLEMS??
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Tue, 25 May 2004 17:19:10 -0800
  • Message-id: <200405251719.10033.jsa@xxxxxxxxxxxxxx>
On Tuesday 25 May 2004 15:20, Carlos E. R. wrote:
> The Monday 2004-05-24 at 17:49 -0800, John Andersen wrote:
> > Nonsense.
> >
> > If you don't have a ton of un-needed services running (e.g. ports open)
> > there is really very little risk. After all, most hardware firewalls
> > are nothing but unix/linux burned into a chipset.
> >
> > This isn't Windows Xp, its Linux. Its what firewalls are made of.
> I have to disagree. Running SuSE Linux with service "susefirewall" stopped
> while connected to the Internet, is not wise; specially a newly installed
> machine, still with the configuration not finished, as is the case in
> point of this thread.

SuSE, unlike RedHat, installs pretty securely. You have to specifically
turn on those ports/services you want open, rather than run around
and close them. Even the Xserver does not listen remote any more.

Case in point: I just installed 9.1 taking all the defaults and
"netstat -anp" shows only port 22 and 25 as listening, and the only
reason 25 is listening is because I told it to.

If a port is not open (listening) there is nothing much that can be done
to it. I never run susefirewall, I alsways run shorewall when I want
build a firewall. The both just set up iptables, but closed ports present
no target for attackers.

> I'm not talking of independent hardware firewalls.

But I was, and I was pointing out that many of them are nothing but linux.

John Andersen

< Previous Next >
Follow Ups