Joerg Posted May 23, 2008
I've got a PC running Debian which provides only SSH (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.
beakmyn Posted May 23, 2008
> I've got a PC running Debian which provides only SSH (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.
You do have a firewall; that's what iptables is doing for you. You'll want to throttle port 22 incoming, though. http://www.debian-administration.org/articles/187
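What "throttle port 22" looks like in practice, as an added example for this thread (it is not beakmyn's code and not copied from the linked article): a default-deny INPUT chain that still lets SSH in, with the iptables "recent" match dropping any source that opens too many new SSH connections in a short window. The variable names SSH_PORT, SSH_HITS and SSH_WINDOW are this script's own knobs, and the 4-connections-in-60-seconds figure is an assumed starting point to tune, not a rule from the article.

```shell
#!/bin/sh
# Added example (not from the thread or the linked article): default-deny
# inbound policy plus per-source throttling of new SSH connections using
# the iptables "recent" match. SSH_PORT, SSH_HITS and SSH_WINDOW are this
# script's own knobs. Applying the rules needs root and the xt_recent
# (older kernels: ipt_recent) module.

SSH_PORT=${SSH_PORT:-22}
SSH_HITS=${SSH_HITS:-4}        # a source that opens this many new SSH
SSH_WINDOW=${SSH_WINDOW:-60}   # connections within this many seconds is dropped

# Emit the ruleset in iptables-restore format. Order matters: loopback and
# already-tracked traffic are accepted first; every NEW SSH connection is
# then recorded in the "ssh" list; the --update rule drops the source once
# it has SSH_HITS entries inside SSH_WINDOW seconds and refreshes the
# timestamp, so a host that keeps hammering stays blocked; only then is a
# NEW SSH connection accepted. Everything else falls through to the DROP
# policy, which is the "block all incoming traffic not related to port 22"
# from the original question.
ssh_throttle_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --name ssh --set
-A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --name ssh --update --seconds $SSH_WINDOW --hitcount $SSH_HITS -j DROP
-A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Load the rules atomically: iptables-restore replaces the whole table, so a
# typo above fails as a unit instead of leaving a half-built chain behind.
apply_rules() {
    ssh_throttle_rules | iptables-restore
}

case "${1:-}" in
    show)  ssh_throttle_rules ;;
    apply) apply_rules ;;
esac
```

Run it as `sh throttle.sh show` to inspect the ruleset and `sudo sh throttle.sh apply` to load it. Two caveats before applying it over SSH: the policy is DROP, so do it from a console or with a fallback such as `sleep 120 && iptables -P INPUT ACCEPT && iptables -F` scheduled first; and the "recent" match counts new TCP connections, not failed passwords, so a script that opens several short sessions in a minute trips it just as a brute-forcer does (a common addition is an ACCEPT for your own management address ahead of the throttle rules). On current kernels `-m state --state` can be written as `-m conntrack --ctstate` with the same effect.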
Sparda Posted May 23, 2008
The Linux kernel has its firewall (iptables) built in, provided networking is enabled.
SomeoneE1se Posted May 24, 2008
> I've got a PC running Debian which provides only SSH (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.
You don't really need a firewall unless you're giving other users access to the box and you don't want them running anything that listens.
Joerg Posted May 24, 2008 (author)
@SomeoneE1se: Sounds reasonable. I came to the conclusion that I don't need a firewall but a monitoring tool which reports logins/failed logins/etc. to me (-> OSSEC).
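The monitoring Joerg settles on boils down to three questions about sshd's log: who is failing, from where, and which logins actually succeeded. The script below is an added example for this thread, not OSSEC's code and not something from the thread; it answers those questions over Debian-style /var/log/auth.log lines read from stdin. The log lines embedded in it are constructed for the demo (documentation address ranges), and the function names are this script's own.

```shell
#!/bin/sh
# Added example (not from the thread, not OSSEC): summarise sshd activity
# from /var/log/auth.log-style lines on stdin. Function names are this
# script's own.

# Constructed sample, not a real log; addresses are documentation ranges.
SAMPLE_LOG='May 24 10:01:02 debian sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 24 10:01:05 debian sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
May 24 10:01:09 debian sshd[1240]: Failed password for root from 198.51.100.7 port 40000 ssh2
May 24 10:02:00 debian sshd[1250]: Accepted publickey for joerg from 192.0.2.10 port 50000 ssh2
May 24 10:02:30 debian sshd[1260]: Failed password for invalid user oracle from 203.0.113.5 port 51300 ssh2
May 24 10:03:00 debian sshd[1270]: Accepted password for joerg from 203.0.113.5 port 51400 ssh2'

# "count address" per source of failed password attempts, highest first.
# The address is the word after "from", which holds for both plain and
# "invalid user" failure lines.
failed_by_source() {
    awk '/sshd\[[0-9]+]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Number of failed password attempts from one address (0 if none).
failed_count_for() {
    awk -v want="$1" '/sshd\[[0-9]+]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from" && $(i + 1) == want) { n++; break }
         }
         END { print n + 0 }'
}

# Addresses with at least $1 failures: the list a blocker, or a human, acts on.
sources_over_threshold() {
    failed_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

# "user address method" for every successful login. A success from an
# address that also appears in failed_by_source is the line worth reading.
accepted_logins() {
    awk '/sshd\[[0-9]+]: Accepted / {
            user = ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip   = $(i + 1)
            }
            print user, ip, $7
         }'
}

case "${1:-}" in
    demo)
        printf '%s\n' "$SAMPLE_LOG" | failed_by_source
        printf '%s\n' "$SAMPLE_LOG" | accepted_logins ;;
esac
```

On a real box: `. ./sshlog.sh; failed_by_source < /var/log/auth.log` and `accepted_logins < /var/log/auth.log`; on a systemd host without rsyslog the same lines come from `journalctl -u ssh -o short`. In the sample the last line is the case to look for: the address with the most failures also produced a successful password login.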
Sparda Posted May 24, 2008
You should take note of which ports are listening and make sure the daemons listening on them are kept current, or stop them if they are unnecessary.
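Taking note of which ports are listening is worth scripting rather than doing once by eye, because the original question's premise ("no other services listening") is exactly the kind of thing that drifts. The script below is an added example for this thread, not Sparda's code: it parses the output of `ss -Hltunp`, separates sockets bound to loopback from those reachable over the network, and reports reachable ports that are not on an allow-list. The `ss` output embedded in it is constructed for the demo, the column positions assume `ss` run with both -t and -u (so the Netid column is present), and the function names are this script's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit listening sockets from
# `ss -Hltunp` output on stdin (run ss as root so the owning process is
# shown). Function names are this script's own.

# Constructed sample of `ss -Hltunp` output, not taken from a real host.
SAMPLE_SS='tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*   users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    [::]:22           [::]:*      users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*   users:(("mysqld",pid=901,fd=21))
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*   users:(("dhclient",pid=500,fd=6))'

# "proto bind-address port process" per socket. The port is whatever follows
# the last colon of the local address, which also handles "[::]:22".
listening_sockets() {
    awk '{
        n = split($5, a, ":"); port = a[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        proc = "?"                       # process column needs root; "?" if absent
        if (NF >= 7 && match($7, /"[^"]+"/))
            proc = substr($7, RSTART + 1, RLENGTH - 2)
        print $1, addr, port, proc
    }'
}

# proto/port pairs bound to something other than loopback: reachable from
# other hosts, so the only ones the firewall question is really about.
exposed_ports() {
    listening_sockets | awk '$2 != "127.0.0.1" && $2 != "[::1]" { print $1 "/" $3 }' | sort -u
}

# Exposed ports not in the allow-list passed as arguments, e.g. tcp/22.
# Anything printed here is a daemon to patch, bind to loopback, or stop.
unexpected_ports() {
    allowed=" $* "
    exposed_ports | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE_SS" | unexpected_ports tcp/22 ;;
esac
```

Usage on the box itself: `ss -Hltunp | unexpected_ports tcp/22` (where `ss` lacks -H, use `ss -ltunp | tail -n +2`; `netstat -tulnp` has different columns and would need its own parser). The sample shows why the check is worth running even on an "SSH only" host: mysqld is bound to 127.0.0.1 and drops out of the exposed list, but dhclient holds udp/68 on the wildcard address and is reported. For each process reported, `dpkg -S "$(readlink /proc/<pid>/exe)"` names the package, which is what "kept current" has to be checked against.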
metatron Posted May 25, 2008
You really should change it from port 22 and set the maximum authentication accepts to two, with your box blocking an IP after the two accepts.