Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 08:55:49 -0700
I have a computer set up for the exclusive use as a gateway/firewall running IPChains. I would like to know if I can safely shut down the rpc.statd service. According to the man page, "It is used by the NFS file locking service, rpc.lockd, to implement lock recovery when the NFS server machine crashes and reboots." Since I am not using NFS (or at least I believe I am not; the firewall is the only *nix computer on the network, and isn't used for file sharing) can I safely turn this off? I have read that turning off unneeded services is needed to secure a Linux box, which is doubly a concern with a firewall.

Can? Yes. Should? Definitely. Post-haste.

Shut it and everything else down. When you're done, you should have no network services except SSH available (both TCP and UDP - check both). And even SSH should be allowed (via your ipchains rules) only from a few administrative hosts.

However, you may find using a 2.4 kernel will offer you a much more robust firewall/filtering mechanism using iptables (netfilter) instead of ipchains.

--
Brian Hatch FATAL ERROR: Systems and x86 architecture found. Security Engineer www.hackinglinuxexposed.com Every message PGP signed
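
The "check both" step from the reply above, as an added example that is not part of the original post or written by its author: a filter that reads listening-socket output and reports every TCP or UDP listener other than SSH. It assumes the column layout of net-tools `netstat -lntu` and sshd on TCP port 22; the sample input is constructed.

```shell
#!/bin/sh
# Added example: list every listening socket that is not SSH on TCP.
# Assumes the column layout of net-tools `netstat -lntu` (no -p column).

ALLOWED_TCP_PORT=22   # assumption: sshd on its default port

# Reads netstat output on stdin and prints "proto address:port" for each
# listener other than TCP/$ALLOWED_TCP_PORT. Listeners bound only to
# loopback are tagged, since they are not reachable from the network.
unexpected_listeners() {
    awk -v ssh="$ALLOWED_TCP_PORT" '
        $1 ~ /^(tcp|udp)/ {
            # TCP rows carry a State column; UDP rows do not.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before it
            if ($1 ~ /^tcp/ && port + 0 == ssh + 0) next   # the one allowed service
            tag = (host ~ /^127\./ || host == "::1") ? " (loopback only)" : ""
            print $1, addr tag
        }'
}

# Constructed sample (not from the original post): sshd, a portmapper on
# 111/tcp and 111/udp, a loopback-only mailer, and one more UDP listener.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:1024            0.0.0.0:*
EOF
}

# Demo on the sample; on the firewall itself: netstat -lntu | unexpected_listeners
sample_netstat | unexpected_listeners
```

An empty result means SSH is the only listener; anything on port 22 over UDP is reported too, because only the TCP listener is exempted.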