- 06-30-2007 #1
Safe to disable iptables service?
I am trying to fine tune my installation of FC7 and am disabling start-up services that I don't use.
I have a Linksys WRT54GC Router and I have all the security options enabled (SPI Firewall, Block Anonymous Requests, Filter Multicast, and Filter NAT Redirection). Do I still need to run iptables software firewall? Should I still run it?
Now, please correct me if I am wrong, but the router acts as a hardware firewall, right? Any advice on this would be appreciated.
- 06-30-2007 #2
I'd leave it running. It doesn't hurt anything, and it makes your computer more secure. But that's just me.
Dan
- 06-30-2007 #3
Short answer is: It's probably ok to shut off iptables in your case. Leaving it on would add only negligible overhead, though.
Longer answer is:
1. Remember that you will be relying on a proprietary hardware router/NAT device to keep you safe. It's probably fine, but worth noting. You'll want to watch the support page for any firmware updates (security related), and be careful about how you configure it. The device is probably not a true packet filtering firewall, but even if all it provides is NAT, it's nice to not have a network interface from your workstation facing the outside world.
2. I haven't looked at any Fedora releases since v5, but I seem to remember that they turn on an abundance of unnecessary services (like many Linux distros) following a default installation. Have a look at the output of:
# netstat -atunp
You might be surprised by how many services are sitting around waiting for tcp/udp connections. This could come to bite you if a) you don't turn them off; b) your router/NAT device is ever bypassed somehow.
3. Finally, this is something of a philosophical question. If I have no services listening on an external interface, should I run a packet filtering firewall? One party says: "No. Not necessary." Another party says: "It doesn't really hurt. Follow the security in layers approach."
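As an added example (not part of the original posts), this shell function filters `netstat -atunp` output down to the sockets that accept traffic on a non-loopback address, which are the ones left exposed if the router/NAT device is ever bypassed. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce `netstat -atunp` output to listeners reachable from
# the network (anything not bound to a loopback address).

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:111         0.0.0.0:*         LISTEN      1789/portmap
tcp        0      0 127.0.0.1:631       0.0.0.0:*         LISTEN      2050/cupsd
tcp        0      0 127.0.0.1:25        0.0.0.0:*         LISTEN      2101/sendmail: acce
tcp        0      0 :::22               :::*              LISTEN      2030/sshd
tcp        0      0 192.168.1.100:48212 192.168.1.1:80    ESTABLISHED 2500/firefox-bin
udp        0      0 0.0.0.0:5353        0.0.0.0:*                     1990/avahi-daemon:
udp        0      0 0.0.0.0:111         0.0.0.0:*                     1789/portmap
udp        0      0 127.0.0.1:323       0.0.0.0:*                     -
EOF
}

# Reads netstat output on stdin; prints "proto port bind-address program".
exposed_listeners() {
    awk '{
        # TCP: only sockets in LISTEN state. UDP has no state column, so an
        # unconnected socket is recognised by its wildcard foreign address.
        if ($1 ~ /^tcp/ && $6 == "LISTEN")    prog = $7
        else if ($1 ~ /^udp/ && $5 ~ /:\*$/)  prog = $6
        else next

        # Split "address:port" on the last colon (also works for ":::22").
        host = $4; sub(/:[^:]*$/, "", host)
        port = $4; sub(/.*:/, "", port)

        # Loopback-only services are not reachable from other hosts.
        if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next

        # Strip the PID; "-" appears when netstat is not run as root.
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
        if (prog == "" || prog == "-") prog = "unknown"
        print $1, port, host, prog
    }'
}

# Demo on the constructed sample; on a live system run as root:
#   netstat -atunp | exposed_listeners
sample_netstat | exposed_listeners
```

Each line of output is a service to either turn off, rebind to loopback, or cover with an iptables rule.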
- 06-30-2007 #4
I think I will leave it running just in case. Thanks for your replies.