Re: Iptable rules to protect my box from the internet
From: Andrew Schulman (andrex_at_deadspam.com)
Date: 12/28/04
- Previous message: Digi: "Re: Iptable rules to protect my box from the internet"
- In reply to: 19owls: "Re: Iptable rules to protect my box from the internet"
- Next in thread: fritz-bayer_at_web.de: "Re: Iptable rules to protect my box from the internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Dec 2004 11:53:33 -0500
> Is it safe to suggest that connecting a router on top of the cable
modem
> is better/safer than just the modem?
Safer, definitely. Any NAT router makes an instant, no-configuration
firewall that will defeat all but a small fraction of network attacks.
Better-- that depends on your needs. One problem with NAT is that it
interferes with some popular network services, such as FTP and
filesharing. So people start to use the port forwarding features to
open holes. Now you're into the business of configuring a firewall.
For simple needs, the router's firmware can probably do what you need.
But to get maximum flexibility, I turn off my router's NAT feature and
have my Debian box perform the NAT and firewalling itself, using hand-
built iptables scripts.
-- To reply by email, replace "deadspam.com" by "alumni.utexas.net"
- Previous message: Digi: "Re: Iptable rules to protect my box from the internet"
- In reply to: 19owls: "Re: Iptable rules to protect my box from the internet"
- Next in thread: fritz-bayer_at_web.de: "Re: Iptable rules to protect my box from the internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
