On 02/12/2016 01:34 PM, Rick Stevens wrote:
Carrying that further, set up the firewall to block all incoming traffic initially and use "DROP" as the target--NOT "REJECT". The reason to use DROP is that "REJECT" actually returns a response to a probe which essentially says "Yeah, there's a machine here, but I'm not interested in you". That makes you a target for DDOS or script-kiddie break-in attempts. "DROP" just drops the packets with no response so your machine appears to not be there at all.
If you want to find out just how secure you are, here's a good place to test your firewall: https://www.grc.com/x/ne.dll?bh0bkyd2
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org