-   Linux - Security (
-   -   Is this safe enough? (

koyi 08-18-2004 09:01 AM

Is this safe enough?
I just learned to use iptables to protect my box. This is just a personal box which I work and do casual things on. Not a server or router. This is the output from iptables -L:


bash-2.05b# iptables -L
Chain INPUT (policy DROP)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  localhost            anywhere           

Chain FORWARD (policy DROP)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

As you can see, I allow all data out of my box(Chain OUTPUT).
I just wonder if this is safe enough?
All suggestions welcome :)


iceman47 08-18-2004 02:40 PM

It can never be safe enough.
That setup won't drop non-routable ip adresses, allows you box to be pinged, allows potential
crackers to connect to everywhere once on your box and so on.
I'd call that a _very_ basic setup, just as safe as a closed but not locked door.

koyi 08-18-2004 08:57 PM

Thanks for replying. :)

Is there any good cookbooks or samples around with a reasonable setup for a desktop like this? Or should I tighten the security to the level of a network server?

Actually this box is not connected directly to the Internet. It connects to the Internet through a DSL modem with a router built-in. And I dun think there is a firewall function in that modem.

iceman47 08-18-2004 10:45 PM

It won't hurt to secure your desktop like a server and it's great practice. will help you further or if you want to do it easy, check

koyi 08-18-2004 10:50 PM

Thanks for the info, I will try to read them when I am free. Thanks :)

All times are GMT -5. The time now is 12:35 PM.