  1. #1

    Safe to disable iptables service?

    I am trying to fine tune my installation of FC7 and am disabling start-up services that I don't use.

    I have a Linksys WRT54GC Router and I have all the security options enabled (SPI Firewall, Block Anonymous Requests, Filter Multicast, and Filter NAT Redirection). Do I still need to run iptables software firewall? Should I still run it?

    Now, please correct me if I am wrong, but the router acts as a hardware firewall, right? Any advice on this would be appreciated.

  2. #2
    I'd leave it running. It doesn't hurt anything, and it makes your computer more secure. But that's just me.

  3. #3
    anomie (Linux Guru, Join Date: Mar 2005)
    Short answer is: It's probably ok to shut off iptables in your case. Leaving it on would add only negligible overhead, though.

    Longer answer is:

    1. Remember that you will be relying on a proprietary hardware router/NAT device to keep you safe. It's probably fine, but worth noting. You'll want to watch the support page for any firmware updates (security related), and be careful about how you configure it. The device is probably not a true packet filtering firewall, but even if all it provides is NAT, it's nice to not have a network interface from your workstation facing the outside world.

    2. I haven't looked at any Fedora releases since v5, but I seem to remember that they turn on an abundance of unnecessary services (like many Linux distros) following a default installation. Have a look at the output of:
    # netstat -atunp
    You might be surprised by how many services are sitting around waiting for tcp/udp connections. This could come to bite you if a) you don't turn them off; b) your router/NAT device is ever bypassed somehow.

    3. Finally, this is something of a philosophical question. If I have no services listening on an external interface, should I run a packet filtering firewall? One party says: "No. Not necessary." Another party says: "It doesn't really hurt. Follow the security in layers approach."
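
The check from point 2 of the reply above, as an added example that is not part of the original thread: a shell function that reduces `netstat -atunp` output to the listeners bound to a non-loopback address, which are the ones left reachable if the router/NAT device is bypassed and iptables is off. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners: read `netstat -atunp` output on stdin and print
# "proto local-address program" for every socket that accepts traffic
# on a non-loopback address.
exposed_listeners() {
    awk '
        # TCP rows: Proto Recv-Q Send-Q Local Foreign State PID/Program
        $1 ~ /^tcp/ && $6 == "LISTEN" { prog = $7; keep = 1 }
        # UDP rows have no State column; an unconnected socket has a wildcard peer
        $1 ~ /^udp/ && $5 ~ /:\*$/    { prog = $6; keep = 1 }
        keep {
            keep = 0
            if ($4 ~ /^127\./ || $4 ~ /^::1:/) next   # bound to loopback only
            print $1, $4, prog
        }
    '
}

# sample_netstat: constructed sample output (not taken from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2001/cupsd
tcp        0      0 192.168.1.10:22         192.168.1.2:51000       ESTABLISHED 3000/sshd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2100/avahi-daemon
tcp6       0      0 :::111                  :::*                    LISTEN      1500/rpcbind
tcp6       0      0 ::1:25                  :::*                    LISTEN      1600/sendmail
EOF
}

# Demonstration on the constructed sample; on a real system run
#   netstat -atunp | exposed_listeners
# as root so the PID/Program column is filled in.
sample_netstat | exposed_listeners
```

Each line it prints is a service to either disable or cover with an iptables rule.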

  4. #4
    I think I will leave it running just in case. Thanks for your replies.

    "I seem to remember that they turn on an abundance of unnecessary services (like many Linux distros) following a default installation"
    In the course of my tune-up this morning I stopped and disabled 22 services that were enabled in the default installation that I didn't need.
