I run a firewall on my laptop. When I'm inside my LAN, at home on cable, or at the university, it all works the same. I allow ssh into my laptop only if it is coming from a 10.x network (i.e. only my internal LAN, when I'm there).

It is possible, and recommended, as securing the internal network is always recommended (and usually the most difficult part). Use stateful firewalling (i.e. iptables for Linux).

What you described next, portsentry will do; however, I would use caution with that. You don't really know if the packets that are coming to you are from where they say they are. If your firewall is automatically and permanently denying packets from IPs that have shown you suspicious activity in the past, then someone can easily deny you access to hosts all over the internet by sending you spoofed portscans or probes.

You can also use iplogger to detect connections to your ports; however, I haven't had much success with it because my kernel drops the packets before they even get to iplogger. ;(

On Thu, Aug 09, 2001 at 11:43:25AM -0700, Rob Hudson wrote:
> Is it possible and/or recommended to run firewalling rules on a local
> box? I mean, in order to lock down the ports that you don't use and
> that are < 1024? Right now I'm behind a firewall, but if this system
> moves out to the wide open net (maybe sometime in the next few
> months), I'd like to have it a little more secure. Of course I've
> shut up my inetd.conf for the services I don't use, but what about
> knowing when a portscan is done and then denying any and all packets
> from that IP in the future?
>
> Oh, and our leader, Seth Cohn, posted an article. I like the idea.
> Turn off webpages, sendmail, etc, and on and on, on a certain date in
> protest of DMCA et al. How many people here (and advogato readers)
> have root? Hehe.
>
> http://www.advogato.org/article/319.html
>
> -Rob
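The kind of ruleset the reply above describes, written out as an added example (this is not a script from the thread or from either poster). It assumes ssh on tcp/22, that "the internal lan" means 10.0.0.0/8, and that the rules are not bound to a particular interface; the IPT variable lets it be dry-run with IPT=echo instead of touching a live firewall. Instead of auto-blacklisting scanners, which the reply points out can be turned into a denial of service with spoofed probes, it only logs and drops:

```shell
#!/bin/sh
# Added example, not code from the original mail. Minimal stateful
# iptables policy for a laptop: default-deny inbound, allow replies to
# connections we opened, and allow new ssh only from the internal LAN.
# Assumptions (not stated in the thread): ssh on tcp/22, LAN is 10/8.
# Set IPT=echo to print the commands instead of running them.
IPT="${IPT:-iptables}"
LAN_NET="${LAN_NET:-10.0.0.0/8}"

apply_rules() {
    # Start from a clean INPUT chain and default-deny everything inbound.
    # Outbound stays open; this box is a client, not a router.
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback is trusted.
    $IPT -A INPUT -i lo -j ACCEPT

    # Stateful core: only packets that belong to a connection we opened
    # (or one accepted by a rule below) are let back in. This is what
    # makes the policy "stateful" rather than a static list of ports.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # New ssh sessions only from the internal 10.x network. Off the LAN
    # (cable, university) nothing can reach sshd, which is the behaviour
    # the reply describes.
    $IPT -A INPUT -p tcp --dport 22 -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Everything else: log (rate-limited so a scan cannot fill the disk)
    # and drop. No automatic, permanent blacklist: a spoofed portscan
    # costs us a few log lines, not a rule that cuts us off from a
    # faked source address.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "FW-DROP: "
    $IPT -A INPUT -j DROP
}

# Only touch the firewall when explicitly asked: ./fw.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it as root with `apply` to install the rules, or with `IPT=echo ./fw.sh apply` to review what it would do first. The LOG target writes to the kernel log, so a portscan shows up as a burst of `FW-DROP:` lines in syslog without ever becoming a permanent rule.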
