Florian Zschocke wrote (at Tue, Jul 30, 2002 at 08:38:03PM +0200):
> James Bourke wrote:
> >
> > 1. DO NOT RUN: ftp, irc, bind, pop, or any other unnecessary service
> > on a gaming machine. Run sshd on the gaming server and put the other
> > processes on another machine.
> [...]
> > 3. Use ipchains or iptables to block everything you do not
> > absolutely need.
>
> I'll never understand why people do this. If you don't need a
> service and don't have a daemon running for it, then why do you
> need a packetfilter? Somebody once said "packetfilters are for
> lazy admins" and he is right in the vast majority of cases. :)
>
> BTW, if you need the FTP access only for you, you should use sftp.

Installing a packet filter is just another measure. If someone hacked
in (as in this example) and started a service on port 31337 or whatever
that was an fsp server, for example, your packet filtering (if he didn't
change it) would stop it from being used. I agree that it's stupid to
run services that you don't need, whether or not you run packet
filtering to block them, but it never hurts to add another layer of
security.

-- 
-- Casey Zacek (Zippo)
Beer for Breakfast servers <http://bfb.bogleg.org/>
209.41.98.2:27016 (CS multi-map)
209.41.98.2:27015 (DoD)
209.41.98.2:27017 (CS militia/dust2)
Dallas, TX

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
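
Added example, not part of the original thread or any poster's configuration: a default-deny inbound ruleset of the kind the reply argues for, generated in iptables-restore format from an allowlist. The allowlist is an assumption (sshd on TCP 22, game servers on UDP 27015-27017, the ports in the signature above); the helper names build_rules and port_allowed are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset whose INPUT policy is DROP,
# so a listener started on an unlisted port (31337 in the thread) is unreachable
# from outside even though a daemon is bound to it.
# Assumptions, not from the thread: sshd on TCP 22, game servers on UDP 27015-27017.

ALLOW_TCP="22"
ALLOW_UDP="27015 27016 27017"

build_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default deny: unmatched inbound packets are dropped
    echo ":FORWARD DROP [0:0]"     # this host does not route for anyone
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # replies to connections this host opened itself
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOW_TCP; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $ALLOW_UDP; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# port_allowed PROTO PORT
# Succeeds only if the generated ruleset has an explicit ACCEPT for that port.
port_allowed() {
    build_rules | grep -q -- "-A INPUT -p $1 --dport $2 .*-j ACCEPT"
}

# Print the ruleset; as root it can be loaded with: build_rules | iptables-restore
build_rules
```

As the reply itself notes, this only holds while the intruder has not changed the ruleset, so it complements removing unneeded daemons and does not replace it.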

