should i use a firewall ?

geek.arnuld · 2007-06-07 20:55:20

i use my box to learn programming and connect to internet using my ADSL modem and watch some movies, some songs and that's it. should i use a firewall ?

cactus · 2007-06-07 20:56:03

yes.

.:B:. · 2007-06-07 21:16:11

It's not because it linux that it can't be hacked. If you get online, no matter what OS, you need a firewall.

skymt · 2007-06-08 00:29:16

Ideally, there should be some hardware in between your computer and your modem. If your ISP gave you a router (or you can get your hands on a cheap one somewhere else), use that and trust NAT for your firewall. Otherwise, a simple software firewall like Firestarter or Shoreline wouldn't be a bad idea. Linux firewall software does nothing more than configure the built-in ipfilter system, so it doesn't matter which one you choose.

Last edited by skymt (2007-06-08 00:29:50)

geek.arnuld · 2007-06-08 11:54:56

well, i posted the same on Gentoo Forums and i was advised to use this:

defaultserverargs="--nolisten tcp" in "/usr/bin/startx"

any comments on that ?

[vEX] · 2007-06-08 11:57:39

That's a good idea if you don't want to be able to access your X server remotely, not sure whether it's on default or not in Arch, but I have it added on my machine.

geek.arnuld · 2007-06-08 12:10:15

[vEX] wrote:

That's a good idea if you don't want to be able to access your X server remotely, not sure whether it's on default or not in Arch, but I have it added on my machine.

not sure what that means but i just do not want anybody to access my machine, whether X or command-line. will that option make this possible ?

[vEX] · 2007-06-08 14:18:20

X is built around the server-client model which means that it can accept connections over TCP from remote machines. Just disabling it (--nolisten tcp) will not substitute a firewall, it will only stop X from listening for TCP connections, the rest off your system will still be "open" so to say.

Last edited by [vEX] (2007-06-08 14:18:58)

jerem · 2007-06-08 15:22:50

If you use a simple ADSL modem, it's likely that you are directly connected on the Internet with a public IP.
In that case, you must have a firewall. Simplest way is to drop everything in the INPUT chain, then allow traffic on loopback
and allow established connections.
I even believe there is a sample firewall script provided in the Arch package.

If your ADSL modem is also a router, then it probably SNATs all the traffic and your box has likely a class C private address (192.168.x.y/24).
In that case, don't bother with a firewall.

geek.arnuld · 2007-06-09 04:52:27

jerem wrote:

If you use a simple ADSL modem, it's likely that you are directly connected on the Internet with a public IP.
In that case, you must have a firewall. Simplest way is to drop everything in the INPUT chain, then allow traffic on loopback and allow established connections. I even believe there is a sample firewall script provided in the Arch package.
If your ADSL modem is also a router, then it probably SNATs all the traffic and your box has likely a class C private address (192.168.x.y/24).
In that case, don't bother with a firewall.

i have Netgear DG632 ADSL modem. Netgear folks say it has built-in NAT:
http://www.netgear.com/Products/Routers … ifications

but i don't find any firewall rules or even word NAT in Modem's home page @ 192.168.0.1

skymt · 2007-06-09 16:29:55

geek.arnuld wrote:

i have Netgear DG632 ADSL modem. Netgear folks say it has built-in NAT:
http://www.netgear.com/Products/Routers … ifications
but i don't find any firewall rules or even word NAT in Modem's home page @ 192.168.0.1

NAT (Network Address Translation) isn't a firewall is the strictest sense, it merely acts as one as a side-effect. It allows you to connect multiple computers to the Internet using a single IP address. When a computer makes a connection to a system somewhere else on the net, the NAT system in the router detects it and forwards all incoming traffic related to that connection to the originating computer. With incoming connections, the router has no way of knowing which computer the traffic is meant for, so it rejects it. This way, NAT acts as a firewall that allows all outgoing connections and rejects incoming ones.

If you want to allow incoming connections, you need to set up port forwarding. You can tell your router to forward all incoming connections on a port to a certain address on your local network. This is useful for things like file sharing, VoIP or online gaming.

In short, don't worry, you're safe. Well, as safe (slightly safer, perhaps) as you would be with a software firewall set up.

jerem · 2007-06-09 18:32:05

The address 192.168.0.1 says it all : your modem does NAT stuff because that address
is a class C private address, which is not routable on the Internet.

Don't bother with a firewall.

byte · 2007-06-09 22:52:08

I know pretty much all about firewalls. That's why I don't care to set one up. Ports are closed, case closed.

Arch Linux

#1 2007-06-07 20:55:20

should i use a firewall ?

#2 2007-06-07 20:56:03

Re: should i use a firewall ?

#3 2007-06-07 21:16:11

Re: should i use a firewall ?

#4 2007-06-08 00:29:16

Re: should i use a firewall ?

#5 2007-06-08 11:54:56

Re: should i use a firewall ?

#6 2007-06-08 11:57:39

Re: should i use a firewall ?

#7 2007-06-08 12:10:15

Re: should i use a firewall ?

#8 2007-06-08 14:18:20

Re: should i use a firewall ?

#9 2007-06-08 15:22:50

Re: should i use a firewall ?

#10 2007-06-09 04:52:27

Re: should i use a firewall ?

#11 2007-06-09 16:29:55

Re: should i use a firewall ?

#12 2007-06-09 18:32:05

Re: should i use a firewall ?

#13 2007-06-09 22:52:08

Re: should i use a firewall ?

Board footer