On Tuesday 25 May 2004 15:20, Carlos E. R. wrote:
> The Monday 2004-05-24 at 17:49 -0800, John Andersen wrote:
> > Nonsense.
> > If you don't have a ton of un-needed services running (e.g. ports open) there is really very little risk. After all, most hardware firewalls are nothing but unix/linux burned into a chipset.
> > This isn't Windows XP, it's Linux. It's what firewalls are made of.
> I have to disagree. Running SuSE Linux with service "susefirewall" stopped while connected to the Internet is not wise; especially a newly installed machine, still with the configuration not finished, as is the case in point of this thread.
SuSE, unlike RedHat, installs pretty securely. You have to specifically turn on those ports/services you want open, rather than run around and close them. Even the Xserver does not listen remotely any more. Case in point: I just installed 9.1 taking all the defaults and "netstat -anp" shows only port 22 and 25 as listening, and the only reason 25 is listening is because I told it to. If a port is not open (listening) there is nothing much that can be done to it. I never run susefirewall, I always run shorewall when I want to build a firewall. They both just set up iptables, but closed ports present no target for attackers.
> I'm not talking of independent hardware firewalls.
But I was, and I was pointing out that many of them are nothing but Linux.

-- 
_____________________________________
John Andersen
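
One way to script the listening-port check mentioned in the message, as an added example that is not part of the original thread: it parses `netstat -an`-style output and reports TCP ports listening on non-loopback addresses that are not on an allowlist. The function names and the sample output are constructed for illustration; the allowlist of 22 and 25 mirrors the ports named in the message.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      1234/sshd
tcp        0      0 0.0.0.0:25        0.0.0.0:*          LISTEN      1300/master
tcp        0      0 127.0.0.1:631     0.0.0.0:*          LISTEN      1400/cupsd
tcp        0      0 0.0.0.0:6000      0.0.0.0:*          LISTEN      1450/X
tcp        0      0 192.0.2.10:22     203.0.113.5:51000  ESTABLISHED 1500/sshd
tcp6       0      0 :::22             :::*               LISTEN      1234/sshd
udp        0      0 0.0.0.0:68        0.0.0.0:*                      900/dhclient'

# Read netstat output on stdin; print each TCP port that is in LISTEN state
# on a non-loopback address, one per line, sorted and de-duplicated.
# UDP sockets have no LISTEN state and are not covered here.
exposed_ports() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]                  # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print port
        }
    ' | sort -n -u
}

# Read netstat output on stdin; print exposed ports that are NOT among the
# allowed ports passed as arguments (hypothetical helper for this example).
unexpected_ports() {
    exposed_ports | while read -r port; do
        case " $* " in
            *" $port "*) ;;            # port is on the allowlist
            *) echo "$port" ;;         # listening, reachable, not expected
        esac
    done
}

# Demo on the constructed sample; on a live host, pipe `netstat -an` instead.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ports 22 25
```
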