Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.security > #348

Re: Allow new incoming connection?

From buck <buck@private.mil>
Newsgroups comp.os.linux.security
Subject Re: Allow new incoming connection?
Date 2013-06-22 06:46 +0000
Organization Say What?
Message-ID <kq3h7p12jcm@news4.newsguy.com> (permalink)
References <kq261g07eh@news1.newsguy.com> <kq266k$3au$1@dont-email.me>

Show all headers | View raw

Aragorn <thorongil@telenet.be.invalid> wrote in news:kq266k$3au$1@dont-
email.me:

>> Is my rejection of NEW on high ports wrong?
> 
> In my opinion: yes.
> 
>> Should I allow just google? What is best practice (and why?)?
> 
> The thing most newcomers to GNU/Linux always tend to misunderstand is 
> firewalls, and especially so when they come from the Microsoft Windows 
> world.  
> 
> Windows listens to just about every port - high or low - by default, 
and 
> thus it needs a userspace firewall to stop things from coming in and 
> things from phoning home.  GNU/Linux is not like that.  If you don't 
> have any daemons or applications listening on a particular port, then 
> all traffic to that port will be ignored by default.  By consequence, 
> there is no need to add a rule to your firewall - which is the Linux 
> kernel itself, by the way - for traffic you don't want.
> 
> You're not in Redmond anymore, Toto. ;-)

???

See http://andthatsjazz.org/customfw.html
and then maybe you can make such comments.
-- 
buck

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Allow new incoming connection? buck <buck@private.mil> - 2013-06-21 18:29 +0000
  Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-21 20:36 +0200
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 06:46 +0000
      Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-22 08:53 +0200
    Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 14:47 +0200
      Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-22 15:09 +0200
        Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-22 14:27 +0100
          Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 16:37 +0200
  Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-21 20:01 +0100
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 06:35 +0000
      Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-22 09:39 +0100
  Re: Allow new incoming connection? David Hough <noone$$@llondel.org> - 2013-06-22 12:18 +0100
  Re: Allow new incoming connection? "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2013-06-22 07:37 -0500
  Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 14:56 +0200
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 17:35 +0000
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 18:01 +0000
      Re: Allow new incoming connection? "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2013-06-22 14:29 -0500

csiph-web