Firewall Setting?

[Tomi Häsä]

Is this firewall setting enough for a user just surfing on the net using an ADSL connection:

 

KDE -> Mandriva Linux Control Center 2006.0 -> Security -> Firewall -> [x] Everything (no firewall).

 

In other words is Linux safe enough to have no firewall at allនដនដនដដននដនដនដដដដដដដដដ?

 

[moved from Installing Mandriva by spinynorman - welcome aboard :)]

[arctic]

Welcome aboard. :)

 

You can run a Linux system without a firewall and without running into BIG problems in 90% of such cases. However, I suggest that you enable the firewall for apparent security advantages. Uncheck the "no firewall" box and check those services that you know you will need (e.g. if you run an ftp-server, you will want to check the ftp box, if you run a webserver, checking the box for enabling imap/pop-access will be your choice). Most times (normal desktop user), you don't need to check any of the additional options like ftp-access you see there.

[pmpatrick]

If you have a router with a built in hardware firewall that would be OK. Otherwise, with an always on broadband connection, I'd block everything on that list unless their is some specific need to have the service available. Note, with everything blocked you can still surf and get your email; the firewall only blocks incoming attempt to connect to those services listed.

[Ixthusdan]

Everyone should always surf from inside a firewall, period. I surf from behind a router and personal firewalls on each work station. I do not want anything exposed to the script kiddies of the world. If they want in, they'll have to work at it. (Something they don't do naturally! :lol: )

[ianw1974]

I have a dlink router which has firewall built in apparently, however, this is connected to a ServGate firewall just to make sure :P

 

Oh, and some of my machines run shorewall as well just in case! :D

[tyme]

having a firewall is always a good idea, as most here have said ;). the firewall settings in shorewall should be sufficient. just check anything you need to use.

[Crashdamage]

Some would say that as long as you keep up with security updates you could run without any firewall with no significant worries, and indeed many users have for years with no problems. As for me, I take the (possibly) paranoid view that security patches aren't enough. So I disable all unecessary services, use a hardware firewall, plus Bastille for software firewalling and total system hardening, plus Portsentry.

 

I'm not nearly as worried about patching up the system for security as keeping out the wolves in the first place. After all, you can only write and apply security patches for known holes. That won't protect you if a hacker finds the hole first.