[H-GEN] Firewall configuration on a remote machine

gavin duley gavin at microcomaustralia.com.au
Wed Feb 9 00:30:02 EST 2011


Hello,

On 9 Feb 2011, at 13:18, Stephen Thorne wrote:

> On 2011-02-09, gavin duley wrote:
>> Should I be as paranoid as I am about installing shorewall on a remote
>> system?  If I should avoid shorewall, what are my other options?
>> (other than learning iptables).
> 
> Your best option:
> 
> Run exactly zero non-essential services listening for connections on
> ips other than 127.0.0.1 or ::1.

This is more-or-less what I've been doing so far. Having a quick look with netstat, I can see one or two services I don't recognise, probably things that Debian "helpfully" installed for me. 

Any suggestions as to where I could look them up to see what they are, and therefore how to disable them? I could post them to the list, but that might turn out to be publicly listing vulnerabilities on my server. This would seem to be a bad idea.

gavin,

-- 
Honestly, if you're given the choice between Armageddon or tea, you don't say 'What kind of tea?'
		-- Neil Gaiman

Gavin Duley
<gavin at microcomaustralia.com.au> <gpd at sdf-eu.org>
WWW: http://www.gavinduley.org/




More information about the General mailing list