Keith Roberts wrote:
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>> I wrote about "physical presence *outside* of your network", like if you
>> are on a large WISP that uses bridged network (bad design) and your
>> Wireless client is bridged, and you have single NIC firewall in place,
>> entire WISP's network will be able to sniff your traffic and hack into
>> unprotected workstations/desktops. And there are those scenarios, much
>> more than you can think.
>
> Which is why one poster mentioned that you need to be
> familiar with IPtables and Networking before trying to make
> your machine(s) network(s) secure?
>
> I read some time ago something about tunneling different
> protocols through firewalls? which sounded quite scary.
>

All firewalls (on Linux at least) are by default closed, and you need knowledge to punch the holes through for your public services. It's something like this:

Deny all (other) connections

then you add a few rules and it looks like this:

Allow service listening on port X
Allow service listening on port Y
Allow service listening on port Z
Allow service coming from IP A (and port W)
Allow service coming to IP B (and port U)
Deny all (other) connections

Packets are sent through the chain (of rules like the above) and when they hit some rule, the desired action is performed and that packet (mostly) stops going down the chain, so it does not hit the bottom rule. If a packet does not match any "allow" rule, then it will hit (one of) the deny rules and that connection will be terminated.

If you want an easy to understand firewall/router PC based on RHEL/CentOS try ClearOS, and if you want it *on* CentOS I suggest you check shorewall. www.shorewall.net is also an excellent site to learn about firewalls and routers in general, with lots of examples.

Ljubomir
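The first-match chain walk described in the post, as an added example that is not part of the original thread: a small Python model of an iptables INPUT chain with the post's allow rules above a catch-all deny. The port numbers, addresses and the "misordered" variant are constructed to show why rule order matters.

```python
# Added example (not from the original thread): a minimal model of how an
# iptables INPUT chain evaluates packets top to bottom. The first matching
# rule decides the packet's fate and a catch-all DROP sits at the bottom.
# Ports (22/80/443/3306/8080) and addresses are constructed sample values.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str       # source address
    dst: str       # destination address
    dport: int     # destination port

@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    dport: Optional[int] = None  # like  --dport N
    src: Optional[str] = None    # like  -s ADDR
    dst: Optional[str] = None    # like  -d ADDR

    def matches(self, p: Packet) -> bool:
        """A rule with no selectors (the bottom DROP) matches everything."""
        return ((self.dport is None or p.dport == self.dport) and
                (self.src is None or p.src == self.src) and
                (self.dst is None or p.dst == self.dst))

# The chain sketched in the post, roughly what a series of
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT ... iptables -A INPUT -j DROP  would build.
CHAIN: List[Rule] = [
    Rule("ACCEPT", dport=22),                        # service listening on port X
    Rule("ACCEPT", dport=80),                        # service listening on port Y
    Rule("ACCEPT", dport=443),                       # service listening on port Z
    Rule("ACCEPT", src="192.0.2.10", dport=3306),    # coming from IP A (and port W)
    Rule("ACCEPT", dst="198.51.100.5", dport=8080),  # coming to IP B (and port U)
    Rule("DROP"),                                    # deny all (other) connections
]
# Same rules with the catch-all DROP moved to the top: nothing below it is ever reached.
MISORDERED: List[Rule] = [CHAIN[-1]] + CHAIN[:-1]

def filter_packet(chain: List[Rule], p: Packet) -> str:
    """Walk the chain in order; the first matching rule ends evaluation."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return "DROP"  # chain policy when nothing matched (iptables -P INPUT DROP)

if __name__ == "__main__":
    for p in (Packet("203.0.113.7", "198.51.100.5", 22),
              Packet("203.0.113.7", "198.51.100.5", 3306)):
        print(p, "->", filter_packet(CHAIN, p), "| misordered:", filter_packet(MISORDERED, p))
```

Running it shows the same packet accepted by the post's chain and dropped by the misordered one, which is the practical reason the deny rule belongs at the bottom.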