Linked by Thom Holwerda on Tue 20th Sep 2005 17:38 UTC
Mozilla & Gecko clones
Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005. Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."
Mozilla strikes back! And firewall in linux!
by jaboua on Tue 20th Sep 2005 20:16 UTC

Finally Mozilla strikes back, right in the face of Microsoft ;)

About a firewall in Linux: you should get one. You don't need to be concerned about viruses, however you CAN be attacked by rootkits and hackers. If you use a 2.6 kernel, make sure you have the needed kernel modules/kernel options and install iptables. Then I can lend you my setup, mostly taken from the book "Linux Security Cookbook":

1) To disable spoofing, add this to /etc/sysctl.conf:
net.ipv4.conf.all.rp_filter = 1

Then, type this to apply the changes without rebooting:
sysctl -p


2) Then apply the iptables-rules by typing this in a terminal:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

That would give you an in-kernel firewall, blocking all incoming new connections, except for incoming connections from your own box (over device "lo") and new connections related to current connections. All output is accepted, and forward dropped. Try that and some box-scanning page!

3) To save the firewall config, do one of these (they usually should work, however they may not work on some distros; in that case, either find the location of the init script or manually save it). Remember to activate iptables at boot by adding it to the init scripts!

/etc/rc.d/iptables save

_OR_

/etc/init.d/iptables save

Good luck,
-- jaboua

Reply Score: 2
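
An added example, not part of jaboua's comment: a POSIX shell check that reads `iptables -S` output and reports where a ruleset departs from the policy the comment describes (default DROP on INPUT and FORWARD, loopback accepted, ESTABLISHED/RELATED accepted). The function names and the sample ruleset are constructed for illustration; the check also flags a loopback rule limited to one protocol, as the `-p tcp -i lo` rule above is.

```shell
#!/bin/sh
# audit_ruleset: reads `iptables -S` output on stdin and prints one finding
# per line; prints nothing when the ruleset matches the intended policy.
audit_ruleset() {
    rules=$(cat)
    # Default policies: INPUT and FORWARD must drop anything unmatched.
    for chain in INPUT FORWARD; do
        printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP" ||
            echo "policy: $chain default is not DROP"
    done
    # Replies to outbound connections need the stateful accept rule.
    printf '%s\n' "$rules" |
        grep -Eq -- '^-A INPUT .*(--state|--ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT' ||
        echo "state: no ESTABLISHED accept rule on INPUT"
    # Loopback: flag a rule limited to one protocol, since other local
    # traffic (for example UDP to a resolver on 127.0.0.1) is then dropped.
    lo=$(printf '%s\n' "$rules" | grep -E -- '^-A INPUT .*-i lo .*-j ACCEPT' || true)
    if [ -z "$lo" ]; then
        echo "loopback: no accept rule for -i lo"
    elif ! printf '%s\n' "$lo" | grep -qv -- ' -p '; then
        echo "loopback: accept rule is protocol-limited"
    fi
    # Any other ACCEPT on INPUT exposes a service to new inbound connections.
    printf '%s\n' "$rules" | grep -E -- '^-A INPUT .*-j ACCEPT' |
        grep -Ev -- '-i lo |--state|--ctstate' | sed 's/^/open: /'
    return 0
}

# Constructed sample: what `iptables -S` is assumed to print after the
# commands in the comment above (not captured from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -p tcp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
EOF
}

sample_rules | audit_ruleset
```

On a host, feed it the live ruleset with `iptables -S | audit_ruleset`, run as root.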