Is this safe enough?

koyi · 08-18-2004, 09:01 AM

I just learned to use iptables to protect my box. This is just a personal box which I work and do casual things on. Not a server or router. This is the output from iptables -L:

Code:

bash-2.05b# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  localhost            anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
bash-2.05b#

As you can see, I allow all data out of my box(Chain OUTPUT).
I just wonder if this is safe enough?
All suggestions welcome

Thanks.

iceman47 · 08-18-2004, 02:40 PM

It can never be safe enough.
That setup won't drop non-routable ip adresses, allows you box to be pinged, allows potential
crackers to connect to everywhere once on your box and so on.
I'd call that a _very_ basic setup, just as safe as a closed but not locked door.

koyi · 08-18-2004, 08:57 PM

Thanks for replying.

Is there any good cookbooks or samples around with a reasonable setup for a desktop like this? Or should I tighten the security to the level of a network server?

Actually this box is not connected directly to the Internet. It connects to the Internet through a DSL modem with a router built-in. And I dun think there is a firewall function in that modem.

iceman47 · 08-18-2004, 10:45 PM

It won't hurt to secure your desktop like a server and it's great practice.
http://www.netfilter.org/ will help you further or if you want to do it easy, check http://www.shorewall.net.

koyi · 08-18-2004, 10:50 PM

Thanks for the info, I will try to read them when I am free. Thanks