floattt n00b
Joined: 26 Jul 2015 Posts: 1
Posted: Sun Jul 26, 2015 8:43 am Post subject: I didn't setup iptables for a week after install, am I safe?
I know I'm going to come off as a total noob, but I forgot to set up my iptables rules for a week after install. OUTPUT, INPUT and FORWARD were set to ACCEPT during this time. Is my computer still safe? I'm behind a router so I'm assuming yes, but I want to make sure. Sorry for my ignorance.
Keruskerfuerst Advocate
Joined: 01 Feb 2006 Posts: 2289 Location: near Augsburg, Germany
Posted: Sun Jul 26, 2015 10:42 am
If you are a home user, you should use a hardware firewall (200€+).
Just open those ports which are used by your programs.
jonathan183 Guru
Joined: 13 Dec 2011 Posts: 318
Posted: Sun Jul 26, 2015 12:32 pm
It depends on how your router is configured and if you have any services listening to ports.
When I have had routers provided by an ISP they usually come configured to allow all outgoing connections, and reject or drop all incoming ports which are not associated with an outgoing connection. This would be good enough for most home use cases - provided the host you set up was not in a DMZ.
If you are still concerned then back up the /etc tree and do a fresh install, and only copy back config files you need one at a time. Taking a copy of /var/lib/portage/world will give you a list of things you have installed. A copy of .bash_history will help you run through the same commands as you did with the previous install.
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54232 Location: 56N 3W
Posted: Sun Jul 26, 2015 4:31 pm
floattt,
Depending on how you set up your system, you may not need a firewall at all.
Firewalls are good for two things:
a) they stop nasty stuff from getting in
b) they stop nasty stuff that has got in from phoning home.
You can achieve a) by not running anything that listens to the internet. Gentoo does not start any services for you. You need to add them to a runlevel or start them yourself.
Most home firewalls are capable of b) but it's a pain to set up, so it's turned off.
What ports does your router forward to your PC?
A firewall will not stop nasties that you invite in, e.g. by browsing iffy websites.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
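Added example, not part of the original thread or of any poster's reply: one way to check the point raised above about services that listen for connections. It decodes the Linux /proc/net/tcp table and reports which listening TCP sockets are bound beyond loopback; the sample table is constructed and a little-endian host is assumed.

```python
import ipaddress
import os
import struct

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (addresses and inodes are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A01A8C0:D431 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (ip_address, port).

    The kernel prints each 32-bit word of the address in host byte order;
    little-endian (x86, most ARM) is assumed here.
    """
    hex_ip, hex_port = field.split(":")
    words = [hex_ip[i:i + 8] for i in range(0, len(hex_ip), 8)]
    raw = b"".join(struct.pack("<I", int(w, 16)) for w in words)
    return ipaddress.ip_address(raw), int(hex_port, 16)


def listening_sockets(table):
    """Return (address, port, reachable_from_network) for each LISTEN row."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue                             # established, time-wait, ...
        addr, port = decode_addr(cols[1])
        found.append((str(addr), port, not addr.is_loopback))
    return found


if __name__ == "__main__":
    tables = [SAMPLE]
    live = [p for p in ("/proc/net/tcp", "/proc/net/tcp6") if os.path.exists(p)]
    if live:                                     # on Linux, inspect the real host
        tables = [open(p).read() for p in live]
    for table in tables:
        for addr, port, reachable in listening_sockets(table):
            scope = "all interfaces/LAN" if reachable else "loopback only"
            print(f"{addr}:{port}  {scope}")
```

A socket reported as reachable is exposed to the local network; whether it is also reachable from the internet depends on which ports the router forwards to the host.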
Buffoon Veteran
Joined: 17 Jun 2015 Posts: 1369 Location: EU or US
Posted: Sun Jul 26, 2015 5:14 pm
None of my boxes behind NAT have a firewall.
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54232 Location: 56N 3W
Posted: Sun Jul 26, 2015 5:23 pm
Buffoon,
I have a fairly paranoid firewall running in a KVN that covers my whole network.
It's paranoid because it used to protect Windows boxes too.
_________________
Regards,
NeddySeagoon