A simple firewall config will be all you need. I'd suggest using "firehol"; it makes the creation of an IPTables firewall simple and easy to understand. http://firehol.sf.net

You can set up firehol on individual machines, or on a router machine. I'd suggest running it on your router at home; it just uses iptables (older Linux firewalls use ipchains) and takes only minutes to set up, yet is much easier to maintain than a "raw" iptables firewall. (approx 100 line firehol config generates a 500 line iptables config for our router at work)

Good good on using sudo, there are other ways to do it such as adding the user to the "dialout" group or something, but sudo is a perfectly acceptable way to do things. Just make sure you

- BAD sudo way (fine if you only want win95 level security)

    user ALL=(ALL) NOPASSWD: ALL

- GOOD sudo way

    user,user2,user3 ALL = PASSWD: /usr/bin/apt-get, /usr/bin/dpkg
    user,user2,user3 ALL = NOPASSWD: /usr/sbin/pppd

As for dial on demand, it can be a real pain at times from my experience. Having a button on a taskbar somewhere that you can just click is easier. I'm a fan of using wconnect/connectd for dialup access on a network rather than diald.

On Wed, 15 Sep 2004 10:08:01 +1200, Andrew Errington <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am proposing to set up a Debian based laptop for a friend. All they need
> is email and web from a dial-up ISP, so a fairly low-spec PC with KDE from
> Debian stable is adequate.
>
> I have set up kppp on my laptop, which is similar to one I will get. To
> make it work I had to install 'sudo', so that an ordinary user can run kppp
> as root, and I had to remove 'auth' from /etc/ppp/options
>
> Anyway, that works fine, and kppp will dial up when I press a button, and
> disconnect when I press another button. I think I would prefer
> dial-on-demand though, so I am going to try the instructions here:
>
> http://www.davidpashley.com/tutorials/wvdial-pppd-dod.html
>
> At home I am on cable, and I have a router box that basically acts as my
> firewall. I have no 'protection' on any of the machines on my home
> network, and I rely on the router for this.
>
> What should I do to get the appropriate level of protection when I connect
> directly to the internet with a modem? My friend will not need to run any
> servers (e.g. ftp or web), but I would like them to have an ssh server so I
> can get in and administer the box.
>
> Thanks for any advice,
>
> Andy
>

--
Regards,
Sascha
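
Added example, not part of the original message or of sudo itself: a small shell check that flags sudoers rules of the "BAD" kind quoted in the reply (ALL commands under a NOPASSWD tag) while accepting the per-command rules. The function name `audit_sudoers`, the sample file and the parsing simplifications noted in the comments are assumptions of this sketch.

```sh
#!/bin/sh
# audit_sudoers FILE
# Print each rule that grants ALL commands under a NOPASSWD tag.
# Exit status: 1 if any such rule exists, 0 otherwise.
# Simplifications (assumptions of this sketch): one rule per line, no
# backslash continuations, no alias expansion, #include lines are skipped.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next } # not privilege rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        spec = substr($0, eq + 1)
        gsub(/\([^)]*\)/, "", spec)              # drop (runas) lists
        n = split(spec, cmd, ",")
        nopass = 0                               # sudo default: password required
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            # A tag applies to its command and every later one until reversed.
            while (match(c, /^[ \t]*[A-Z_]+:/)) {
                tag = substr(c, RSTART, RLENGTH)
                gsub(/[ \t:]/, "", tag)
                if (tag == "NOPASSWD") nopass = 1
                if (tag == "PASSWD") nopass = 0
                c = substr(c, RSTART + RLENGTH)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL" && nopass) {
                print FILENAME ":" FNR ": " $0
                bad = 1
                break
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the three rules quoted in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user ALL=(ALL) NOPASSWD: ALL
user,user2,user3 ALL = PASSWD: /usr/bin/apt-get, /usr/bin/dpkg
user,user2,user3 ALL = NOPASSWD: /usr/sbin/pppd
EOF
audit_sudoers "$sample" || echo "fix the rules listed above"
rm -f "$sample"
```

Run it against a copy of the file before installing it; `visudo -c -f FILE` checks the syntax, which this sketch does not.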
