Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Introductory reading on firewall/iptables/etc for new Debian user?
12 views
Skip to first unread message
Richard Owlett
Apr 23, 2013, 10:30:03 AM4/23/13
to
I will be using email, Usenet, browser and occasionally file
downloading.
Nothing on my system should look/act like a server.
I want all programs to access the internet after explicitly
asking for permission.
The response to the request may be:
No
Always YES
Ask each occurrence
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/51769A81...@cloud85.net
downloading.
Nothing on my system should look/act like a server.
I want all programs to access the internet after explicitly
asking for permission.
The response to the request may be:
No
Always YES
Ask each occurrence
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/51769A81...@cloud85.net
Richard Owlett
Apr 23, 2013, 11:10:01 AM4/23/13
to
Dan Ritter wrote:
> they are connected, and report failures when they can't make
> connections.
>
> I suppose that you could write a wrapper script for every
> program, so that if you invoke it through the wrapper you have
> opened the necessary ports, and if you invoke the program
> without the wrapper the connections are dropped. However, while
> the wrapper is being run, any copy of the program could have
> the same permissions.
>
> On Android systems, this issue is slightly addressed (though not
> in the manner you want) by having a new user added for every
> program, and running each program under that user-id. Since
> iptables can look at effective user-id when making packet
> accept/drop decisions, you can do per-program firewalls that
> way.
>
> By the way, you have an unusually brusque way of stating
> conditions rather than asking questions, which comes across as
> slightly rude.
>
> -dsr-
>
Apologies, I've just been chastised by relatives and friends
for going in the other direction.
I was trying to make clear I want only minimal connectivity.
As to the per program feature, I want to prevent an app from
deciding to update on its schedule not mine. I'm restricted
to dial-up so I need to be able to ration a scarce resource,
i.e. connectivity.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/5176A36A...@cloud85.net
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
>> I will be using email, Usenet, browser and occasionally file
>> downloading.
>> Nothing on my system should look/act like a server.
>> I want all programs to access the internet after explicitly asking
>> for permission.
>> The response to the request may be:
>> No
>> Always YES
>> Ask each occurrence
>
> Programs don't generally ask for permissions; they assume that
>> I will be using email, Usenet, browser and occasionally file
>> downloading.
>> Nothing on my system should look/act like a server.
>> I want all programs to access the internet after explicitly asking
>> for permission.
>> The response to the request may be:
>> No
>> Always YES
>> Ask each occurrence
>
> they are connected, and report failures when they can't make
> connections.
>
> I suppose that you could write a wrapper script for every
> program, so that if you invoke it through the wrapper you have
> opened the necessary ports, and if you invoke the program
> without the wrapper the connections are dropped. However, while
> the wrapper is being run, any copy of the program could have
> the same permissions.
>
> On Android systems, this issue is slightly addressed (though not
> in the manner you want) by having a new user added for every
> program, and running each program under that user-id. Since
> iptables can look at effective user-id when making packet
> accept/drop decisions, you can do per-program firewalls that
> way.
>
> By the way, you have an unusually brusque way of stating
> conditions rather than asking questions, which comes across as
> slightly rude.
>
> -dsr-
>
Apologies, I've just been chastised by relatives and friends
for going in the other direction.
I was trying to make clear I want only minimal connectivity.
As to the per program feature, I want to prevent an app from
deciding to update on its schedule not mine. I'm restricted
to dial-up so I need to be able to ration a scarce resource,
i.e. connectivity.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Dan Ritter
Apr 23, 2013, 11:10:03 AM4/23/13
to
On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
Programs don't generally ask for permissions; they assume that
they are connected, and report failures when they can't make
connections.
I suppose that you could write a wrapper script for every
program, so that if you invoke it through the wrapper you have
opened the necessary ports, and if you invoke the program
without the wrapper the connections are dropped. However, while
the wrapper is being run, any copy of the program could have
the same permissions.
On Android systems, this issue is slightly addressed (though not
in the manner you want) by having a new user added for every
program, and running each program under that user-id. Since
iptables can look at effective user-id when making packet
accept/drop decisions, you can do per-program firewalls that
way.
By the way, you have an unusually brusque way of stating
conditions rather than asking questions, which comes across as
slightly rude.
-dsr-
they are connected, and report failures when they can't make
connections.
I suppose that you could write a wrapper script for every
program, so that if you invoke it through the wrapper you have
opened the necessary ports, and if you invoke the program
without the wrapper the connections are dropped. However, while
the wrapper is being run, any copy of the program could have
the same permissions.
On Android systems, this issue is slightly addressed (though not
in the manner you want) by having a new user added for every
program, and running each program under that user-id. Since
iptables can look at effective user-id when making packet
accept/drop decisions, you can do per-program firewalls that
way.
By the way, you have an unusually brusque way of stating
conditions rather than asking questions, which comes across as
slightly rude.
-dsr-
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20130423144...@randomstring.org
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 23, 2013, 11:20:01 AM4/23/13
to
On Tuesday 23 April 2013 16:06:18 Richard Owlett wrote:
> I want to prevent an app from
> deciding to update on its schedule not mine.
I don't have any applications set to update automatically. That is the simple
> I want to prevent an app from
> deciding to update on its schedule not mine.
solution to that problem!
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jochen Spieker
Apr 23, 2013, 11:20:02 AM4/23/13
to
Richard Owlett:
> I was trying to make clear I want only minimal connectivity.
> As to the per program feature, I want to prevent an app from
> deciding to update on its schedule not mine. I'm restricted to
> dial-up so I need to be able to ration a scarce resource, i.e.
> connectivity.
Oh, so your request is actually about outbound traffic, not (only)
inbound. I don't think this is currently feasible with Linux.
J.
--
I can tell a Whopper[tm] from a BigMac[tm] and Coke[tm] from Pepsi[tm].
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
>
> Apologies, I've just been chastised by relatives and friends for
> going in the other direction.
Never mind.
> Apologies, I've just been chastised by relatives and friends for
> going in the other direction.
> I was trying to make clear I want only minimal connectivity.
> As to the per program feature, I want to prevent an app from
> deciding to update on its schedule not mine. I'm restricted to
> dial-up so I need to be able to ration a scarce resource, i.e.
> connectivity.
inbound. I don't think this is currently feasible with Linux.
J.
--
I can tell a Whopper[tm] from a BigMac[tm] and Coke[tm] from Pepsi[tm].
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Lisi Reisz
Apr 23, 2013, 11:20:02 AM4/23/13
to
On Tuesday 23 April 2013 15:43:23 Dan Ritter wrote:
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> > I will be using email, Usenet, browser and occasionally file
> > downloading.
> > Nothing on my system should look/act like a server.
> > I want all programs to access the internet after explicitly asking
> > for permission.
> > The response to the request may be:
> > No
> > Always YES
> > Ask each occurrence
>
> Programs don't generally ask for permissions; they assume that
> they are connected, and report failures when they can't make
> connections.
I have come across several Windows firewalls which ask exactly that. I
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> > I will be using email, Usenet, browser and occasionally file
> > downloading.
> > Nothing on my system should look/act like a server.
> > I want all programs to access the internet after explicitly asking
> > for permission.
> > The response to the request may be:
> > No
> > Always YES
> > Ask each occurrence
>
> Programs don't generally ask for permissions; they assume that
> they are connected, and report failures when they can't make
> connections.
imagine that that is what Richard is thinking of. Personally, I have never
come across that in Linux.
[snip]
> By the way, you have an unusually brusque way of stating
> conditions rather than asking questions, which comes across as
> slightly rude.
than a statement. I think that he is asking us to recommend some reading
matter.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jochen Spieker
Apr 23, 2013, 11:20:02 AM4/23/13
to
Richard Owlett:
(or was) common on Windows.
What problem do you want to solve? The security gain of this approach is
very small. The nearest solution is to setup iptables to reject incoming
connection attempts. Doing that manually requires basic knowledge about
TCP/IP. There are frontends that may help you. The package 'gufw' is
probably close to that you would expect.
(And yes, your e-mail sounds rather brusque. And since you didn't
actually ask a question, it is hard to give a meaningful answer.)
J.
--
I wish I looked more like a successful person even though I'm a loser.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
>
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
This sounds like you want some kind of "personal firewall" like it is
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
(or was) common on Windows.
What problem do you want to solve? The security gain of this approach is
very small. The nearest solution is to setup iptables to reject incoming
connection attempts. Doing that manually requires basic knowledge about
TCP/IP. There are frontends that may help you. The package 'gufw' is
probably close to that you would expect.
(And yes, your e-mail sounds rather brusque. And since you didn't
actually ask a question, it is hard to give a meaningful answer.)
J.
--
I wish I looked more like a successful person even though I'm a loser.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Darac Marjal
Apr 23, 2013, 11:30:02 AM4/23/13
to
On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
Have a look at mason and firestarter. Both allow you to set up your
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
firewall in a "training" mode and will ask you "Should I allow this
connection?" Mason is TUI-based, Firestarter is a GTK GUI.
Wayne Topa
Apr 23, 2013, 11:40:02 AM4/23/13
to
Don't install that.
When I was on dial up I tried a number of firewalls and found that the
arno-iptables-firewall was the best for me. So much so I am still using
it now on Verizon 3g. YMMV.
HTH
--
WT
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 23, 2013, 12:40:03 PM4/23/13
to
material.
The body of the message was to attempt to indicate areas I
knew would be important to me.
I couldn't ask a specific question as I don't know anything
about it in the Linux world.
And yes I have found certain features useful the Windows
firewalls I've used and liked.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 23, 2013, 1:00:02 PM4/23/13
to
On Tuesday 23 April 2013 17:32:34 Richard Owlett wrote:
> I couldn't ask a specific question as I don't know anything
> about it in the Linux world.
The problem is, if you don't ask a specific question, we cannot give a
> I couldn't ask a specific question as I don't know anything
> about it in the Linux world.
specific answer. The result of what you did "ask" is that you have had quite
a bit of advice on which firewall to use, and none whatsoever on which books
to read.
Have you got access to a library? Or a bookshop? Why not browse a bit and
see what you want. You can then ask more meaningful questions.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jochen Spieker
Apr 23, 2013, 2:20:01 PM4/23/13
to
Richard Owlett:
> The body of the message was to attempt to indicate areas I knew
> would be important to me.
> I couldn't ask a specific question as I don't know anything about it
> in the Linux world.
It really depends on how deep you want to dig into the topic. For
security purposes, you should definitely learn basics of networking
(ports, IP addresses, routing etc). This knowledge is generally
indepentend of the operating system. You can then go ahead and learn
about iptables which is used in the Linux kernel for packet filtering
and manipulation
For the purpose yo described you don't need to know anything about that.
Only that apparently nobody on this list knows a program that can do
what you know from Windows.
> And yes I have found certain features useful the Windows firewalls
> I've used and liked.
If you don't rely on them as security tools, they may help, yes.
But I still don't completely understand your situation. You said you are
on dialup and want to prevent unnecessary traffic. Can't you just
disable auto-dialling? Which specific programs use the network without
your consent?
J.
--
I have been manipulated and permanently distorted.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
> Lisi Reisz wrote:
>>
>> Also, I had to do a double take to work out which bit was a question, rather
>> than a statement. I think that he is asking us to recommend some reading
>> matter.
>>
>
> I intended the subject line to convey request for reading material.
Hrmmh, it appears I didn't pay much attention to the subject.
>>
>> Also, I had to do a double take to work out which bit was a question, rather
>> than a statement. I think that he is asking us to recommend some reading
>> matter.
>>
>
> I intended the subject line to convey request for reading material.
> The body of the message was to attempt to indicate areas I knew
> would be important to me.
> I couldn't ask a specific question as I don't know anything about it
> in the Linux world.
security purposes, you should definitely learn basics of networking
(ports, IP addresses, routing etc). This knowledge is generally
indepentend of the operating system. You can then go ahead and learn
about iptables which is used in the Linux kernel for packet filtering
and manipulation
For the purpose yo described you don't need to know anything about that.
Only that apparently nobody on this list knows a program that can do
what you know from Windows.
> And yes I have found certain features useful the Windows firewalls
> I've used and liked.
But I still don't completely understand your situation. You said you are
on dialup and want to prevent unnecessary traffic. Can't you just
disable auto-dialling? Which specific programs use the network without
your consent?
J.
--
I have been manipulated and permanently distorted.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Chris Bannister
Apr 23, 2013, 6:20:02 PM4/23/13
to
On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
Are you sure you are "looking" at this in the right way? e.g. :
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
> No
> Always YES
> Ask each occurrence
http://www.perlmonks.org/?node_id=542341
http://unix.stackexchange.com/questions/30583/why-do-we-need-a-firewall-if-no-programs-are-running-on-your-ports
http://wiki.debian.org/Firewalls
http://www.techsupportforum.com/forums/f139/is-a-firewall-necessary-408049.html
http://www.firewallinformation.com/
http://www.ask.com/question/why-is-a-firewall-necessary
http://wiki.answers.com/Q/What_is_a_firewall_and_why_is_it_necessary
http://computertutorflorida.com/2011/09/is-a-firewall-necessary/
http://www.techsupportalert.com/freeware-forum/security/9806-firewall-not-needed.html
http://askubuntu.com/questions/26736/is-a-firewall-really-necessary-these-days
You may want to look at shorewall, if you decide you need one.
http://en.wikipedia.org/wiki/Shorewall
http://www.shorewall.net/shorewall_features.htm
http://www.shorewall.net/GettingStarted.html
http://wiki.debian.org/HowTo/shorewall
http://www.linux.org/article/view/shorewall-your-friendly-firewall-part-1-installation-and-basic-configuration-
When I had shorewall running the console was flooded with messages about
access attempts.
root@tal:~# less /etc/sysctl.conf
...
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
...
--
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the
oppressing." --- Malcolm X
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Charles Kroeger
Apr 23, 2013, 7:50:03 PM4/23/13
to
On Wed, 24 Apr 2013 00:20:02 +0200
Chris Bannister <cbann...@slingshot.co.nz> wrote:
> When I had shorewall running the console was flooded with messages about
> access attempts.
I like shorewall, lots of separate configurable files, or if you're lazy just run
Chris Bannister <cbann...@slingshot.co.nz> wrote:
> When I had shorewall running the console was flooded with messages about
> access attempts.
it configured by way of example files that come with it. Shorewall won't stealth
your machine but announces that port 0 and 1 are closed..I think that's rather
stylish. Your machine is telling the Internet it's there, but you're not getting in.
--
CK
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 24, 2013, 6:00:02 AM4/24/13
to
Jochen Spieker wrote:
> [snip]
Adobe Reader wants to update itself and I haven't found a
way to disable it. If view pdf with it when I also happen be
connected it just barges in and consumes my bandwidth.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/5177AAB8...@cloud85.net
> [snip]
>
> But I still don't completely understand your situation. You said you are
> on dialup and want to prevent unnecessary traffic. Can't you just
> disable auto-dialling? Which specific programs use the network without
> your consent?
>
Auto dialing has been disabled for years ;)
> But I still don't completely understand your situation. You said you are
> on dialup and want to prevent unnecessary traffic. Can't you just
> disable auto-dialling? Which specific programs use the network without
> your consent?
>
Adobe Reader wants to update itself and I haven't found a
way to disable it. If view pdf with it when I also happen be
connected it just barges in and consumes my bandwidth.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Ralf Mardorf
Apr 24, 2013, 6:20:01 AM4/24/13
to
A little bit OT:
On Wed, 2013-04-24 at 04:49 -0500, Richard Owlett wrote:
> Adobe Reader
Why not using document viewer, aka Evince or something else? I'm not
against proprietary software, drivers etc., but I'm using Linux for good
reasons and I don't know why I should install any software from Adobe.
Flash 11.2 is outdated, current version is 11.7 and even Firfox already
does play many flash stuff without a plugin. Adobe reader easily can be
replaced. IIRC somebody once mentioned an option that might be not
available by Evince, but IIRC by some other FLOSS app.
Is there a reason to use Adobe Reader?
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/1366798270.699.122.camel@archlinux
On Wed, 2013-04-24 at 04:49 -0500, Richard Owlett wrote:
> Adobe Reader
Why not using document viewer, aka Evince or something else? I'm not
against proprietary software, drivers etc., but I'm using Linux for good
reasons and I don't know why I should install any software from Adobe.
Flash 11.2 is outdated, current version is 11.7 and even Firfox already
does play many flash stuff without a plugin. Adobe reader easily can be
replaced. IIRC somebody once mentioned an option that might be not
available by Evince, but IIRC by some other FLOSS app.
Is there a reason to use Adobe Reader?
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jochen Spieker
Apr 24, 2013, 6:20:02 AM4/24/13
to
Richard Owlett:
:)
But I understand a global solution for all applications would be
preferrable.
J.
--
I often blame my shortcomings on my upbringing.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
>
> Adobe Reader wants to update itself and I haven't found a way to
> disable it. If view pdf with it when I also happen be connected it
> just barges in and consumes my bandwidth.
http://helpx.adobe.com/acrobat/kb/disable-automatic-updates-acrobat-reader.html
> Adobe Reader wants to update itself and I haven't found a way to
> disable it. If view pdf with it when I also happen be connected it
> just barges in and consumes my bandwidth.
:)
But I understand a global solution for all applications would be
preferrable.
J.
--
I often blame my shortcomings on my upbringing.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Richard Owlett
Apr 24, 2013, 6:30:01 AM4/24/13
to
Chris Bannister wrote:
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
>> I will be using email, Usenet, browser and occasionally file
>> downloading.
>> Nothing on my system should look/act like a server.
>> I want all programs to access the internet after explicitly asking
>> for permission.
>> The response to the request may be:
>> No
>> Always YES
>> Ask each occurrence
>
> Are you sure you are "looking" at this in the right way? e.g. :
> http://www.perlmonks.org/?node_id=542341
I wasn't specifying "how" but "end result".
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
>> I will be using email, Usenet, browser and occasionally file
>> downloading.
>> Nothing on my system should look/act like a server.
>> I want all programs to access the internet after explicitly asking
>> for permission.
>> The response to the request may be:
>> No
>> Always YES
>> Ask each occurrence
>
> Are you sure you are "looking" at this in the right way? e.g. :
> http://www.perlmonks.org/?node_id=542341
Rephrased "A program shall not unexpectedly communicate with
outside world."
>
> http://unix.stackexchange.com/questions/30583/why-do-we-need-a-firewall-if-no-programs-are-running-on-your-ports
> http://wiki.debian.org/Firewalls
> http://www.techsupportforum.com/forums/f139/is-a-firewall-necessary-408049.html
> http://www.firewallinformation.com/
> http://www.ask.com/question/why-is-a-firewall-necessary
> http://wiki.answers.com/Q/What_is_a_firewall_and_why_is_it_necessary
> http://computertutorflorida.com/2011/09/is-a-firewall-necessary/
> http://www.techsupportalert.com/freeware-forum/security/9806-firewall-not-needed.html
> http://askubuntu.com/questions/26736/is-a-firewall-really-necessary-these-days
>
> You may want to look at shorewall, if you decide you need one.
> http://en.wikipedia.org/wiki/Shorewall
> http://www.shorewall.net/shorewall_features.htm
> http://www.shorewall.net/GettingStarted.html
> http://wiki.debian.org/HowTo/shorewall
> http://www.linux.org/article/view/shorewall-your-friendly-firewall-part-1-installation-and-basic-configuration-
>
>
>
> When I had shorewall running the console was flooded with messages about
> access attempts.
>
> root@tal:~# less /etc/sysctl.conf
> ...
> # Uncomment the following to stop low-level messages on console
> #kernel.printk = 3 4 1 3
> ...
>
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/5177B34A...@cloud85.net
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 24, 2013, 6:50:01 AM4/24/13
to
Ralf Mardorf wrote:
> A little bit OT:
>
> On Wed, 2013-04-24 at 04:49 -0500, Richard Owlett wrote:
>> Adobe Reader
>
> Why not using document viewer, aka Evince or something else? I'm not
> against proprietary software, drivers etc., but I'm using Linux for good
> reasons and I don't know why I should install any software from Adobe.
> Flash 11.2 is outdated, current version is 11.7 and even Firfox already
> does play many flash stuff without a plugin. Adobe reader easily can be
> replaced. IIRC somebody once mentioned an option that might be not
> available by Evince, but IIRC by some other FLOSS app.
>
> Is there a reason to use Adobe Reader?
One thing perhaps wasn't clear. I was referring to my
> A little bit OT:
>
> On Wed, 2013-04-24 at 04:49 -0500, Richard Owlett wrote:
>> Adobe Reader
>
> Why not using document viewer, aka Evince or something else? I'm not
> against proprietary software, drivers etc., but I'm using Linux for good
> reasons and I don't know why I should install any software from Adobe.
> Flash 11.2 is outdated, current version is 11.7 and even Firfox already
> does play many flash stuff without a plugin. Adobe reader easily can be
> replaced. IIRC somebody once mentioned an option that might be not
> available by Evince, but IIRC by some other FLOSS app.
>
> Is there a reason to use Adobe Reader?
Windows experience. I'm using an _older_ copy of Ghostview
as my primary viewer and occasionally I need an Adobe
feature. I have been holding off selecting a new viewer
until I complete my move to Debian.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 24, 2013, 7:20:02 AM4/24/13
to
Jochen Spieker wrote:
> Richard Owlett:
>>
>> Adobe Reader wants to update itself and I haven't found a way to
>> disable it. If view pdf with it when I also happen be connected it
>> just barges in and consumes my bandwidth.
>
> http://helpx.adobe.com/acrobat/kb/disable-automatic-updates-acrobat-reader.html
> :)
>
BUT there be gotcha.
> Richard Owlett:
>>
>> Adobe Reader wants to update itself and I haven't found a way to
>> disable it. If view pdf with it when I also happen be connected it
>> just barges in and consumes my bandwidth.
>
> http://helpx.adobe.com/acrobat/kb/disable-automatic-updates-acrobat-reader.html
> :)
>
I've the free version of 9.00. Listed option to disable
updating not available.
> But I understand a global solution for all applications would be
> preferrable.
>
> J.
>
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/5177BE4...@cloud85.net
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 24, 2013, 7:40:01 AM4/24/13
to
On Wednesday 24 April 2013 12:13:07 Richard Owlett wrote:
> I've the free version of 9.00. Listed option to disable
> updating not available.
I have never noticed my free version of 9 updating itself. :-/
> I've the free version of 9.00. Listed option to disable
> updating not available.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 24, 2013, 11:20:02 AM4/24/13
to
On Wednesday 24 April 2013 12:13:07 Richard Owlett wrote:
> I've the free version of 9.00. Listed option to disable
> updating not available.
The Linux version of 9 (I have 9.5.4) has nothing at all of any kind about
> updating not available.
updating. So far as I can see it is not an option. Are you sure that you
are not thinking of Windows? You do appear to confuse them sometimes.
You might find things simpler if you stopped trying to replicate your Windows
set-up in Linux. If Windows is exactly what you want, then use Windows.
Why not get something like "Linux for Dummies" or "The Debian Bible" and do
some basic reading? Linux for Dummies is not entirely accurate, but it is
quite a good starting off point to get an overall view.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Charles Kroeger
Apr 25, 2013, 12:00:02 PM4/25/13
to
On Wed, 24 Apr 2013 13:40:01 +0200
Lisi Reisz <lisi....@gmail.com> wrote:
> I have never noticed my free version of 9 updating itself. :-/
That's good, it won't. If you occasionally try:
Lisi Reisz <lisi....@gmail.com> wrote:
> I have never noticed my free version of 9 updating itself. :-/
#apt-get autoremove
you will probably see it is trying to rid itself of 'acroread' files. If you want
to upgrade Adobe reader you have to go and get the Debs from Adobe and
install them with dpkg:
# dpkg -i AdbeRdr9.5.4-1_i386linux_enu.deb (no x86_64 version available)
Since Linux seems to be the Adobe stepchild to the windows combine it is
only at the modest version of 9x..but works ok for me. This latest verson seems to
work without the Debian files so that's probably good. At any rate I let apt-get
remove them and Adobe reader still lives.
I don't particularly like having to use Adobe Reader but I got really fed up with
trying to print something from xpdf and went over to the beast.
--
CK ✌
Lisi Reisz
Apr 25, 2013, 12:10:03 PM4/25/13
to
On Thursday 25 April 2013 16:48:53 Charles Kroeger wrote:
> > I have never noticed my free version of 9 updating itself. :-/
>
> That's good, it won't. If you occasionally try:
Thanks for the reply, Charles!
> > I have never noticed my free version of 9 updating itself. :-/
>
> That's good, it won't. If you occasionally try:
I am quite happy with things as they are, for now. The OP was worried about
his copy of Acrobat Reader 9 on Linux updating itself automatically and
consuming his bandwidth.
I think the possibility of his Linux AR updating itself automatically is
vanishingly remote, and that he is probably muddling Windows up with Linux,
but I am not in a position to state categorically that AR in Linux _never_
updates itself! Hence my more guarded statement.
I imagine that he is trying to solve in Linux (unnecessarily) a problem he has
in Windows. That seems to be his whole approach.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 25, 2013, 12:30:02 PM4/25/13
to
On Wednesday 24 April 2013 11:40:17 Richard Owlett wrote:
> One thing perhaps wasn't clear. I was referring to my
> Windows experience
Sorry, Richard. :-( I didn't take in that you had actually _said_ that.
> Windows experience
You simply can't use your Windows experience to predict the problems that you
will have in Linux. They are different. If you really want to use Linux, I
think that you would do better just to take the plunge.
You are trying to solve problems which simply don't arise in Linux, so do not
need solving in Linux.
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 25, 2013, 12:40:02 PM4/25/13
to
Lisi Reisz wrote:
> On Wednesday 24 April 2013 11:40:17 Richard Owlett wrote:
>> One thing perhaps wasn't clear. I was referring to my
>> Windows experience
>
> Sorry, Richard. :-( I didn't take in that you had actually _said_ that.
>
> You simply can't use your Windows experience to predict the problems that you
> will have in Linux. They are different. If you really want to use Linux, I
> think that you would do better just to take the plunge.
<chuckle>
> On Wednesday 24 April 2013 11:40:17 Richard Owlett wrote:
>> One thing perhaps wasn't clear. I was referring to my
>> Windows experience
>
> Sorry, Richard. :-( I didn't take in that you had actually _said_ that.
>
> You simply can't use your Windows experience to predict the problems that you
> will have in Linux. They are different. If you really want to use Linux, I
> think that you would do better just to take the plunge.
I just have a different mindset than others. I've been known
to not only read instruction manuals, but to read them
before unpacking a new gadget.
People have been telling me to just "take the plunge" for
almost three years.
I think I'm happier for having looked for shoals first.
I've enjoyed the learning experience I've had.
I think I've said before "if retirement isn't for learning
something new, what use is it" ;)
>
> You are trying to solve problems which simply don't arise in Linux, so do not
> need solving in Linux.
>
> Lisi
>
>
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 25, 2013, 3:50:02 PM4/25/13
to
On Thursday 25 April 2013 17:39:14 Richard Owlett wrote:
> I think I'm happier for having looked for shoals first.
Looking for shoals is one thing. But you are creating them.
> I think I'm happier for having looked for shoals first.
And I always read manuals first. It isn't that unusual. ;-)
Lisi
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Charles Kroeger
Apr 26, 2013, 11:20:01 PM4/26/13
to
On Thu, 25 Apr 2013 18:10:03 +0200
Lisi Reisz <lisi....@gmail.com> wrote:
> That seems to be his whole approach.
Holistic maybe ☺
Lisi Reisz <lisi....@gmail.com> wrote:
> That seems to be his whole approach.
--
CK
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Richard Owlett
Apr 27, 2013, 8:20:01 AM4/27/13
to
Charles Kroeger wrote:
> On Thu, 25 Apr 2013 18:10:03 +0200
> Lisi Reisz <lisi....@gmail.com> wrote:
>
>> That seems to be his whole approach.
>
> Holistic maybe ☺
>
Yes, with a additional complication of keeping in mind
> On Thu, 25 Apr 2013 18:10:03 +0200
> Lisi Reisz <lisi....@gmail.com> wrote:
>
>> That seems to be his whole approach.
>
> Holistic maybe ☺
>
requirements of different sets of machines.
Requirements of Set A conflict with requirements of Set C.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jhon Edison Castañeda Lozano
Apr 27, 2013, 8:50:01 AM4/27/13
to
Hi!,
Read this documents http://www.pello.info/filez/firewall/iptables.html or this http://www.pello.info/filez/IPTABLES_en_21_segundos.html
Explained this quite practical examples.
The problem is that this in Spanish, but nothing that google translator can not fix.
Greetings.
Charles Kroeger wrote:
On Thu, 25 Apr 2013 18:10:03 +0200
Lisi Reisz <lisi....@gmail.com> wrote:
That seems to be his whole approach.
Holistic maybe ☺
Yes, with a additional complication of keeping in mind requirements of different sets of machines.
Requirements of Set A conflict with requirements of Set C.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/517BC09F...@cloud85.net
Richard Owlett
Apr 27, 2013, 9:20:02 AM4/27/13
to
Jhon Edison Castañeda Lozano wrote:
> Hi!,
>
> Read this documents
> http://www.pello.info/filez/firewall/iptables.html or this
> http://www.pello.info/filez/IPTABLES_en_21_segundos.html
>
> Explained this quite practical examples.
>
> The problem is that this in Spanish, but nothing that google
> translator can not fix.
>
> Greetings.
>
>
> Jhon Castañeda.
>
Thank you.
> Hi!,
>
> Read this documents
> http://www.pello.info/filez/firewall/iptables.html or this
> http://www.pello.info/filez/IPTABLES_en_21_segundos.html
>
> Explained this quite practical examples.
>
> The problem is that this in Spanish, but nothing that google
> translator can not fix.
>
> Greetings.
>
>
> Jhon Castañeda.
>
Where there are problems with Google's translation, there
are enough keywords and concepts to do a Google search.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/517BD050...@cloud85.net
Andrei POPESCU
Apr 28, 2013, 5:00:02 AM4/28/13
to
On Ma, 23 apr 13, 10:06:18, Richard Owlett wrote:
> Dan Ritter wrote:
> >
> Dan Ritter wrote:
> >
> >By the way, you have an unusually brusque way of stating
> >conditions rather than asking questions, which comes across as
> >slightly rude.
>
> >conditions rather than asking questions, which comes across as
> >slightly rude.
>
> Apologies, I've just been chastised by relatives and friends for
> going in the other direction.
> I was trying to make clear I want only minimal connectivity.
You probably already know this, but...
> going in the other direction.
> I was trying to make clear I want only minimal connectivity.
http://catb.org/~esr/faqs/smart-questions.html
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Richard Owlett
Apr 28, 2013, 9:00:02 AM4/28/13
to
Andrei POPESCU wrote:
> On Ma, 23 apr 13, 10:06:18, Richard Owlett wrote:
>> Dan Ritter wrote:
>>>
>>> By the way, you have an unusually brusque way of stating
>>> conditions rather than asking questions, which comes across as
>>> slightly rude.
>>
>> Apologies, I've just been chastised by relatives and friends for
>> going in the other direction.
>> I was trying to make clear I want only minimal connectivity.
>
> You probably already know this, but...
> http://catb.org/~esr/faqs/smart-questions.html
>
> Kind regards,
> Andrei
>
I don't believe I've seen that particular FAQ before, but
> On Ma, 23 apr 13, 10:06:18, Richard Owlett wrote:
>> Dan Ritter wrote:
>>>
>>> By the way, you have an unusually brusque way of stating
>>> conditions rather than asking questions, which comes across as
>>> slightly rude.
>>
>> Apologies, I've just been chastised by relatives and friends for
>> going in the other direction.
>> I was trying to make clear I want only minimal connectivity.
>
> You probably already know this, but...
> http://catb.org/~esr/faqs/smart-questions.html
>
> Kind regards,
> Andrei
>
have read others addressing the same issue.
Part of the problem is when there is a clash of recommended
practices.
"Volume is not precision"
"Describe the goal, not the step"
"Describe the research you did to try and understand the
problem before you asked the question."
Part of the problem is that *nix is not an ideal fit to what
I wish to accomplish [Its multi-user/tasking nature seems to
create as many problems as it solves]. However Linux
(specifically the Debian flavor) offers the breadth of tools
and user acceptance required. A similar problem is described
in "How different is Ubuntu from Debian?"
{http://wiki.debian.org/FAQsFromDebianUser ;}
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Lisi Reisz
Apr 28, 2013, 11:10:03 AM4/28/13
to
On Sunday 28 April 2013 13:57:02 Richard Owlett wrote:
> Andrei POPESCU wrote:
> > On Ma, 23 apr 13, 10:06:18, Richard Owlett wrote:
> >> Dan Ritter wrote:
> >>> By the way, you have an unusually brusque way of stating
> >>> conditions rather than asking questions, which comes across as
> >>> slightly rude.
> >>
> >> Apologies, I've just been chastised by relatives and friends for
> >> going in the other direction.
> >> I was trying to make clear I want only minimal connectivity.
> >
> > You probably already know this, but...
> > http://catb.org/~esr/faqs/smart-questions.html
> Andrei POPESCU wrote:
> > On Ma, 23 apr 13, 10:06:18, Richard Owlett wrote:
> >> Dan Ritter wrote:
> >>> By the way, you have an unusually brusque way of stating
> >>> conditions rather than asking questions, which comes across as
> >>> slightly rude.
> >>
> >> Apologies, I've just been chastised by relatives and friends for
> >> going in the other direction.
> >> I was trying to make clear I want only minimal connectivity.
> >
> > You probably already know this, but...
> > http://catb.org/~esr/faqs/smart-questions.html
> I don't believe I've seen that particular FAQ before, but
> have read others addressing the same issue.
>
> Part of the problem is when there is a clash of recommended
> practices.
> "Volume is not precision"
> "Describe the goal, not the step"
> "Describe the research you did to try and understand the
> problem before you asked the question."
>
> Part of the problem is that *nix is not an ideal fit to what
> I wish to accomplish
What do you wish to accomplish?
> have read others addressing the same issue.
>
> Part of the problem is when there is a clash of recommended
> practices.
> "Volume is not precision"
> "Describe the goal, not the step"
> "Describe the research you did to try and understand the
> problem before you asked the question."
>
> Part of the problem is that *nix is not an ideal fit to what
> I wish to accomplish
Lisi
> [Its multi-user/tasking nature seems to
> create as many problems as it solves]. However Linux
> (specifically the Debian flavor) offers the breadth of tools
> and user acceptance required. A similar problem is described
> in "How different is Ubuntu from Debian?"
> {http://wiki.debian.org/FAQsFromDebianUser ;}
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
0 new messages