matttah Apprentice
Joined: 22 Jan 2005 Posts: 207
Posted: Thu Apr 19, 2007 6:05 pm Post subject: iptables/firewall importance?
I have been in Linux for years now and am just getting around to properly securing my computer. I am currently behind a router on which I have only forwarded certain ports to my computer, but otherwise I have no firewalls in place. Is it necessary? As of now I only have SSH and HTTP forwarded to my machine. What do you suggest I read to start securing my computer?
Thanks,
Daumdd
tanderson Retired Dev
Joined: 11 Apr 2007 Posts: 193
Posted: Thu Apr 19, 2007 7:09 pm
If your HTTP server is directly accessible to the internet, I would suggest installing Apache into a chroot jail, to limit what kind of damage an attack on your Apache can do.
Also, try turning off root logins from SSH and disable password authentication from SSH. The config file is very well documented.
_________________
No Man is Just a Number!
--The Prisoner
Hu Administrator
Joined: 06 Mar 2007 Posts: 23062
pdr l33t
Joined: 20 Mar 2004 Posts: 618
Posted: Fri Apr 20, 2007 11:30 am
I'm the same. I don't run an extra firewall because it would have nothing to do except protect against attacks from my intranet machines, and they are trusted.
stdPikachu Apprentice
Joined: 10 Mar 2004 Posts: 254 Location: UK
Posted: Fri Apr 20, 2007 4:49 pm
Even if you only have services like SSH that face the internet, a simple firewall can stop someone DoSing your connection by using a rate limit filter. I am also in the same boat as you (i.e. been using Linux for years but never set up a firewall), but after reading a few books on network security I'm more convinced that an extra layer of security can't hurt.
My current firewall allows connections to certain services only based on IP and MAC addresses; others are available to the local subnet, and others are available to the entire internet. Even if it makes little to no difference security-wise, it's still fun and educational.
opentaka l33t
Joined: 18 Feb 2005 Posts: 840 Location: Japan
Posted: Fri Apr 20, 2007 5:05 pm
Security is never too much; nothing can be trusted once it's compromised.
_________________
"Being defeated is often a temporary condition. Giving up is what makes it permanent" - Marilyn vos Savant
Vojko n00b
Joined: 11 Aug 2006 Posts: 27
Posted: Fri Apr 20, 2007 5:16 pm
I'm behind a router and I'm using a firewall, but only because of low IDs in eMule and NAT checks in BitTorrent clients. The firewall has an everything-is-open policy.
And some years ago I had a Debian router box with a 2.2 kernel and no firewall (OK, 2 lines for internet sharing; Apache, FTP, MySQL ... inc.) running for 130 days and nothing happened.
silentplummet n00b
Joined: 14 Jun 2004 Posts: 58
Posted: Wed Aug 01, 2007 10:42 pm
[quote]running for 130 days and nothing happened.[/quote]
You mean nothing happened that you know about =]
Jiokah Tux's lil' helper
Joined: 28 Nov 2006 Posts: 90 Location: Toronto
Posted: Thu Aug 02, 2007 4:13 am
Firewalls are very important. If you set one up and log denied connections, you'll find people trying to get in on an hourly basis. People use software that automatically scans entire networks for vulnerabilities. Once they're in, they'll just install their stuff and use your computer/server to do their dirty work, and you'd have no idea.
Study iptables to set up a good firewall (netfilter is powerful software). There are plenty of tutorials on the net to get you started with something.
Emerge denyhosts. This is handy software that tracks suspicious activity and automatically bans the IP.
Like someone said already, disable the ability for root to directly SSH to your computer. Instead, create a user and add them to the wheel group, log in as that user, then su.
If you have a remote webserver though, don't do what I did and block yourself out by accident.
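To make the rules stdPikachu and Jiokah describe concrete (a rate-limited SSH accept, a service restricted to one host by IP and MAC, a service open to the local subnet only, HTTP open to everyone, and logging of denied connections), here is an added example script; it is not code from anyone in this thread. Assumed values: the LAN is 192.168.1.0/24, the admin host is 192.168.1.10 with MAC 00:11:22:33:44:55, the admin-only service is TCP 3306 and the LAN-only one is TCP 631; IPT defaults to a dry run that prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from this thread). Host firewall for the setup
# discussed above: the router forwards only SSH (22) and HTTP (80) here.
# Assumed values, change them to match your network:
LAN=192.168.1.0/24               # local subnet
ADMIN_IP=192.168.1.10            # the one LAN host allowed to the admin service
ADMIN_MAC=00:11:22:33:44:55      # its MAC (only meaningful on the local segment)
# Dry run by default: prints the rules. Run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

apply_rules() {
    # Clean slate, default-deny inbound, allow outbound.
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback and packets belonging to connections we already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SSH from anywhere, but at most 3 new connections per minute per source
    # (hashlimit rather than plain -m limit, so one flooder cannot lock
    # everyone else out). Excess SYNs fall through to the LOG/DROP rules.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip \
        --hashlimit-upto 3/min --hashlimit-burst 3 -j ACCEPT
    # HTTP is meant to be public.
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    # Admin-only service: one LAN host, matched on both IP and MAC.
    $IPT -A INPUT -p tcp --dport 3306 -s "$ADMIN_IP" \
        -m mac --mac-source "$ADMIN_MAC" -j ACCEPT
    # LAN-only service (e.g. CUPS printing on 631).
    $IPT -A INPUT -p tcp --dport 631 -s "$LAN" -j ACCEPT
    # Log what gets denied (rate-limited so a scan cannot flood syslog), then drop.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    $IPT -A INPUT -j DROP
}

apply_rules
```

Denied packets show up in the kernel log with the FW-DROP prefix, which is the "log denied connections" view Jiokah mentions.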