Why do I (not) need a firewall?

[Joerg]

I've got a pc running debian which provides only ssh (-p 22).

If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

[beakmyn]

I've got a pc running debian which provides only ssh (-p 22).

If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

You do have a firewall that's what iptables is doing for you. You'll want to throttle port 22 incoming though.

http://www.debian-administration.org/articles/187

[Sparda]

The Linux kernel has it's firewall (iptables) built in providing networking is enabled.

[SomeoneE1se]

I've got a pc running debian which provides only ssh (-p 22).

If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

you don't really need a firewall unless you're giving other users access to the box and you don't want them running anything that listens

[Joerg]

@SomeoneE1se: Sounds reasonable

I came to the conclusion that I don't need a firewall but a monitoring tool which reports me logins/failed logins/etc (-> OSSEC)

[Sparda]

You should take note of which ports are listening and and make sure the deamons listening on them are kept current or stop them if they are unnecessary.

[metatron]

You really should change it from port 22 and set the maximum authentication accepts to two, with your box blocking an IP after the two accepts.