[H-GEN] Firewall configuration on a remote machine
stephen at thorne.id.au
Wed Feb 9 01:00:04 EST 2011
On 2011-02-09, gavin duley wrote:
> On 9 Feb 2011, at 13:18, Stephen Thorne wrote:
> > On 2011-02-09, gavin duley wrote:
> >> Should I be as paranoid as I am about installing shorewall on a remote
> >> system? If I should avoid shorewall, what are my other options?
> >> (other than learning iptables).
> > Your best option:
> > Run exactly zero non-essential services listening for connections on
> > ips other than 127.0.0.1 or ::1.
> This is more-or-less what I've been doing so far. Having a quick look
> with netstat, I can see one or two services I don't recognise,
> probably things that Debian "helpfully" installed for me.
> Any suggestions as to where I could look them up to see what they are,
> and therefore how to disable them? I could post them to the list, but
> that might turn out to be publicly listing vulnerabilities on my
> server. This would seem to be a bad idea.
Program name is the rightmost column, if you're looking at ipv6, ::: is
public, ::1 is localhost,
More information about the General