[arm-allstar] Firewall notes

[Doug Crompton]

Let me reinforce what Dave has said about firewalls. We get off on these
rather technical discussions about things from time to time and forget that
many or possibly most of our users do not have the knowledge to discern
what is good information and what is not. The discussion of firewalls comes
up from time to time and again I want to emphasize that most of you do NOT
need a firewall.

Many users come from Windows or possibly from the Debian fiasco about a
year ago when systems were compromised due to an OS screw-up. Our hamvoip
systems have only the ports open that you would normally use - ssh, iax,
and http. I do not want users to become scared that their system are a time
bomb waiting for hacking. I will repeat what Dave said - Implementing a
firewall and opening these ports adds nothing to protection as they are the
only ports open to begin with.

First of all if you are nat'ed behind a router and you don't port forward
port 222 (ssh) you are safe. If you do port forward ssh and you use a good
password - 10-12 characters consisting of mixed upper/lower case, numerics
and special characters you are safe. Many users use simple passwords and
while that is probably OK if you don't allow Internet access to ssh it
definitely would not be otherwise.

So if you are using a stock hamvoip system and you have not opened
additional ports and you use a good ssh password then you have nothing to
worry about. Fear seems to be the order of the day any more. Relax, play
Allsar, use common sense and stop worrying about things you don't need to
worry about.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*