Firewall Wizards
mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 08:55:49 -0700
> I have a computer set up for the exclusive use as a gateway/firewall running
> IPChains. I would like to know if I can safely shut down the rpc.statd
> service. According to the man page, "It is used by the NFS file locking
> service, rpc.lockd, to implement lock recovery when the NFS server machine
> crashes and reboots." Since I am not using NFS (or at least I believe I am
> not; the firewall is the only *nix computer on the network, and isn't used
> for file sharing) can I safely turn this off? I have read that turning off
> unneeded services is needed to secure a linux box, which is doubly a concern
> with a firewall.

Can? Yes. Should? Definitely. Post-haste. Shut
it and everything else down. When you're done, you
should have no network services except SSH available
(both TCP and UDP - check both). And even SSH should
be allowed (via your ipchains rules) only from a
few administrative hosts.
However you may find using a 2.4 kernel will offer you a
much more robust firewall/filtering mechanism using
iptables (netfilter) instead of ipchains.
--
Brian Hatch FATAL ERROR:
Systems and x86 architecture found.
Security Engineer
www.hackinglinuxexposed.com
Every message PGP signed
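
One way to carry out the "check both TCP and UDP" step from the reply above, as an added example that is not part of the original message: the function reads `netstat -tuln` output and lists every listening socket other than SSH. It assumes sshd listens on TCP port 22 and the net-tools `netstat` column layout; the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag listening sockets other than SSH on a firewall host.
# Real use:  netstat -tuln | unexpected_listeners
# Assumption: SSH is the only allowed service and listens on TCP port 22.

unexpected_listeners() {
    awk -v allowed_port=22 '
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; addr = $4
            # TCP rows count only in LISTEN state; bound UDP sockets
            # have no state column, so every UDP row is a listener.
            if (proto ~ /^tcp/ && $NF != "LISTEN") next
            port = addr; sub(/.*:/, "", port)
            # SSH over TCP is expected; anything on UDP is not.
            if (proto ~ /^tcp/ && port == allowed_port) next
            # Loopback-bound sockets are not reachable from other hosts,
            # but are still services that could be shut down.
            scope = (addr ~ /^127\./ || addr ~ /^::1:/) ? "loopback" : "exposed"
            print proto, addr, scope
        }'
}

# Constructed sample of `netstat -tuln` output from a host that still
# runs the portmapper, a local mail daemon and an RPC service on UDP.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:1024            0.0.0.0:*
EOF
}

# Run against the sample; an empty result is the goal on a finished firewall.
sample_netstat | unexpected_listeners
```

Each line it prints is a service still to be shut down; the filter rules that limit SSH to the administrative hosts are a separate check.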