Am I safe??
 

I have kinda been wanting to dive into setting up iptables but sometimes I wonder if it is truly needed. Reason I say this, is b/c currently my home network is behind a router which of course has its own firewall. I have always been told that if you're behind a router with a firewall most often there is not much need for a 2nd software firewall. NOW, my Slack server does indeed run a few protocols (Samba, SSH, Apache, and so forth) but most of which are used on the LAN. I have only opened a few non-standard ports on the router to handle any of the protocols I wish to be public. And as I said they are on non-standard ports anyways. I have also been monitoring most all of my traffic that goes through my server and I hardly ever see anything that strikes me as suspicious. So is there much of a need for me to set up iptables or not?

No, you are never safe. Do you have a log checker? I'd recommend logcheck. It's just a simple set of bash scripts that watch your log files for you and e-mail you when something atypical happens. Install it on all your machines.

I figured that'd be the answer I'd receive. :p

Of course, I was probably gonna mess with iptables anyways just b/c I have never set it up. I have done ACLs on Cisco equipment and from what I have seen of iptables they are kinda similar. I was curious though about it just b/c I'd be running 2 firewalls. Thanks again, and I'll check that program out.

To test if you router is doing it's job and to see if you have any open ports , do a quick check on the ShieldsUp web page , it does ports scans for up to 1024 ports and you can test any individual port as well as a few other security tests.


ShieldsUp! Website

I use the shorewall tool to conveniently manage the iptables (firewall) settings of my machines. Each machine runs its own software-firewall and the whole shebang lives behind another firewall in the router.

We have a sensitive database-server that lives behind a second, VPN-enabled router (within the network) and all of the systems who want to talk to that server have to go through VPN to get there. This is our "inner sanctum."

Computer-system security is like any other kind of security: "it's not the locks, it's what you do with them." And to do the right thing with them, you need to acquire a basic understanding of what sort of threats you might reasonably face.

Ironically, one of the most-basic things that one should do with locks .. namely, "lock them!" .. is precisely the one thing that millions upon millions of Windows users do not do. Go figure...

What a cool link! How can I determine which ports to scan? (I'm a newbie.)

Brilliant you ask if you are safe in the security forum :)

I will play devil's advocate a bit then.

Adding iptables/netfilter to your host will mean there is extra code now running that may offer a vulnerability in your host.

Your router most probably has a NAT running and whist yes there are ways to compromise you through the NAT they generally involve you running malformed software.

NAT offers fairly good defense coupled with common sense in your software selection.

The majority of window hosts that get compromised are generally those who connect directly to the net and to be honest Linux boxes connected directly to the net can also suffer quite easily especially if the server option has been turned on when installing the distro.

Is iptables/netfilter suite examined for security vulnerabilities, you bet it is - so running iptables is not a bad option to add an extra layer of security.

But, do be aware firewalls have been the target for exploitation in the past, it is hard to write secure code, even harder in a commercial environment when people have to meet deadlines and add features for the marketing people who want to go to press at a certain time.

Snort has been subject to a recent vulnerability IIRC, so once you embark on the security path you need to have a few places to go to make sure your security toolkit is working as it should.