[H-GEN] Firewall configuration on a remote machine
gavin duley
gavin at microcomaustralia.com.au
Wed Feb 9 00:30:02 EST 2011
Hello,
On 9 Feb 2011, at 13:18, Stephen Thorne wrote:
> On 2011-02-09, gavin duley wrote:
>> Should I be as paranoid as I am about installing shorewall on a remote
>> system? If I should avoid shorewall, what are my other options?
>> (other than learning iptables).
>
> Your best option:
>
> Run exactly zero non-essential services listening for connections on
> ips other than 127.0.0.1 or ::1.
This is more-or-less what I've been doing so far. Having a quick look with netstat, I can see one or two services I don't recognise, probably things that Debian "helpfully" installed for me.
Any suggestions as to where I could look them up to see what they are, and therefore how to disable them? I could post them to the list, but that might turn out to be publicly listing vulnerabilities on my server. This would seem to be a bad idea.
gavin,
--
Honestly, if you're given the choice between Armageddon or tea, you don't say 'What kind of tea?'
-- Neil Gaiman
Gavin Duley
<gavin at microcomaustralia.com.au> <gpd at sdf-eu.org>
WWW: http://www.gavinduley.org/
More information about the General
mailing list