From: Stephen Samuel
Subject: Re: linux as bridge firewall
Date: Thu, 12 Jun 2003 18:38:02 -0700
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <3EE92AFA.7000305@bcgreen.com>
References: <200306121620.AA71041244@fondoformacioncentro.com>
In-Reply-To: <200306121620.AA71041244@fondoformacioncentro.com>
To: linux@fondoformacioncentro.com
Cc: linux-admin@vger.kernel.org

cuenta de RH wrote:
> hi list!!! anyone know what happens with the services in linux when it
> acts as bridge firewall (xinetd, sendmail, sshd, etc)? since it has no IPs,
> can i deactivate them?

I'd go as far as to say you 'should' deactivate (unless you have a good
reason not to).

If your machine is just a bridge, and you're not setting an IP address for
any of its interfaces, then there should be no packets that the machine
ever sees directed at it (unless someone manages to do something like send
a packet with a 127.0.0.1 address -- which your firewall should be
rejecting as bogus).

The reason why is that each service has the possibility of being exploited.
If you manage to accidentally assign an IP address to one of the interfaces,
then you don't want those services exposed to the world.

-- 
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
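
An added example, not part of the original message: a POSIX shell audit for the case described above, reporting listeners that would answer as soon as a bridge interface picked up an address. It assumes the iproute2 tools `ip` and `ss`, which the thread does not name; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host that is meant to be a bridge-only firewall.
# Sample data is constructed, in the format of `ip -o addr show` and
# `ss -H -tuln` (iproute2, assumed here; not named in the thread).

SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'

SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*'

# stdin: `ip -o addr show`. Prints "iface address" for every non-loopback
# interface that carries an IPv4 or IPv6 address.
addressed_ifaces() {
    awk '$2 != "lo" && ($3 == "inet" || $3 == "inet6") { print $2, $4 }'
}

# stdin: `ss -H -tuln`. Prints "proto local:port" for every socket not bound
# to loopback, i.e. one that answers on any address the host acquires.
exposed_listeners() {
    awk 'NF >= 5 && $5 !~ /^127\./ && $5 !~ /^\[::1\]/ { print $1, $5 }'
}

# $1 = address listing, $2 = socket listing.
# Returns 0 = no listeners, 1 = listeners but no address yet (latent),
#         2 = listeners reachable right now.
bridge_audit() {
    svc=$(printf '%s\n' "$2" | exposed_listeners)
    ifs=$(printf '%s\n' "$1" | addressed_ifaces)
    [ -n "$svc" ] || return 0
    printf '%s\n' "$svc" | sed 's/^/listener: /'
    [ -n "$ifs" ] || return 1
    printf '%s\n' "$ifs" | sed 's/^/addressed: /'
    return 2
}

# Run against the live host with --live, otherwise against the samples.
rc=0
if [ "${1:-}" = "--live" ]; then
    bridge_audit "$(ip -o addr show)" "$(ss -H -tuln)" || rc=$?
else
    bridge_audit "$SAMPLE_ADDR" "$SAMPLE_SS" || rc=$?
fi
echo "audit status: $rc"
```

A status of 1 is the latent case from the message: nothing is reachable yet, but the listed services are exposed the moment an interface is given an address.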