Re: firewall without loopback interface
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Fri, 20 Jan 2006 13:55:31 -0600
On 19 Jan 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1137723535.970672.53980@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, saltlick wrote:
>A few years back my college lecturer suggested that the most secure way
>to setup a (linux) firewall is to not have any loopback (lo) interface
>and hence it cannot run any local services but only forward traffic back
>and forth, etc.
Someone has a severe concept/nomenclature problem. The presence or absence
of a loopback interface has nothing to do with the services that are being
offered. The loopback is how the computer talks to _itself_ and if the
loopback is vulnerable, it's because someone already 0wnZ the computer.
What is probably being talked about is not offering any services, OR
limiting access to such services to specific internal hosts. Another
concept is that there is no access FROM the firewall to any other
system inside OR out - that is, the firewall is not considered a trusted
system.
>Obviously you would then have to manage the host from the console.
Gee, my home firewall is an old laptop that doesn't have a case, keyboard
or display and offers no network services. Wonder why that works.
>Any comments ?
http://www.oreilly.com and search for "Practical Unix & Internet
Firewalls" by Zwicky, et.al.
Old guy
.
- References:
- firewall without loopback interface
- From: saltlick
- firewall without loopback interface
- Prev by Date: Re: ZoneAlarm Phones Home
- Next by Date: Re: SonicWall SOHO3
- Previous by thread: Re: firewall without loopback interface
- Next by thread: Re: firewall without loopback interface
- Index(es):
Relevant Pages
|
