Joerg Posted May 23, 2008

I've got a PC running Debian which provides only ssh (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

beakmyn Posted May 23, 2008

> I've got a PC running Debian which provides only ssh (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

You do have a firewall; that's what iptables is doing for you. You'll want to throttle port 22 incoming though. http://www.debian-administration.org/articles/187

Sparda Posted May 23, 2008

The Linux kernel has its firewall (iptables) built in, providing networking is enabled.

SomeoneE1se Posted May 24, 2008

> I've got a PC running Debian which provides only ssh (-p 22). If I use iptables to block all incoming traffic not related to port 22, does that really make sense? I mean, there are no other services listening on a port.

You don't really need a firewall unless you're giving other users access to the box and you don't want them running anything that listens.

Joerg Posted May 24, 2008

@SomeoneE1se: Sounds reasonable. I came to the conclusion that I don't need a firewall but a monitoring tool which reports logins/failed logins/etc. to me (-> OSSEC).

Sparda Posted May 24, 2008

You should take note of which ports are listening and make sure the daemons listening on them are kept current, or stop them if they are unnecessary.

metatron Posted May 25, 2008

You really should change it from port 22 and set the maximum authentication accepts to two, with your box blocking an IP after the two accepts.
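
An added example, not part of any post in this thread: a small report of SSH logins and failed logins per source address, flagging addresses that reach the limit of two mentioned above. It assumes the usual OpenSSH syslog wording (as found in /var/log/auth.log on Debian); the sample lines are constructed, and the function only reports, it does not block anything.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog wording (not real data).
SAMPLE_LOG = """\
May 24 10:01:12 box sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 24 10:01:15 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
May 24 10:01:19 box sshd[2104]: Failed password for root from 203.0.113.7 port 40115 ssh2
May 24 10:05:42 box sshd[2120]: Failed password for joerg from 198.51.100.23 port 51822 ssh2
May 24 10:05:50 box sshd[2120]: Accepted password for joerg from 198.51.100.23 port 51822 ssh2
May 24 10:09:03 box sshd[2131]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.50 port 40200 ssh2
May 24 11:30:02 box sshd[2188]: Accepted publickey for joerg from 198.51.100.23 port 51901 ssh2
"""

# The user name in a failed login is chosen by the client and may contain
# text that imitates " from <ip> port <n>". The greedy (.*) plus the end
# anchor make the LAST "from ... port" on the line, which sshd itself wrote,
# the one that counts as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+(?: ssh2)?$"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def summarize(log_text, limit=2):
    """Return failed-login counts per IP, accepted logins, and IPs at or over limit."""
    failures = Counter()
    logins = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            logins.append((user, ip, method))
    # Addresses that have used up the allowed number of failed attempts.
    block = sorted(ip for ip, count in failures.items() if count >= limit)
    return {"failures": dict(failures), "logins": logins, "block": block}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, count in sorted(report["failures"].items()):
        print(f"{ip}: {count} failed login(s)")
    print("accepted:", report["logins"])
    print("at or over limit:", report["block"])
```

The `block` list is the input a firewall rule or a tool such as OSSEC would act on; the report itself changes nothing on the host.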