Two firewalls for a standalone PC

0moriarty0 · July 4, 2008, 11:37pm

Does a standalone PC require both the router and PC firewalls to have best security ?
Or does switching off the PC’s firewall improve performance while maintaining best security ?

ken_yap · July 5, 2008, 12:39am

Having a Linux firewall on your desktop has negligible effect on performance but it’s a pain if you do a lot of experimentation on your internal network. For this reason I only have a perimeter firewall active. But then I’m the only one on this LAN. If you are on a hostile LAN you might want to be more careful.

These days though, the attacks are usually through weaknesses in applications. I would for example recommend a Firefox add-on called Flashblock, which prevents Flash from autoplaying but you can still click on the clip to play. What if a vulnerability were discovered tomorrow in Flashplayer (which remember, is not open source so we know nothing about its quality) and some sites had booby-trapped clips installed? Besides I dislike clips playing and eating up my bandwidth without my consent.

0moriarty0 · July 7, 2008, 10:27am

Thanks Ken
I will install flashblock as I too don’t require others to use my bandwidth with out asking.
So could others who I give permission to use the wireless router could access my PC if there was no PC firewall running ?

ken_yap · July 7, 2008, 10:48am

By default no unauthenticated services are available outside of the machine, so you would have to do something explicit if you wanted to let other LAN users to connect to your webserver, etc.

0moriarty0 · July 7, 2008, 1:07pm

So the wireless router gives access to the internet via the ADSL line for the wireless clients but does not allow wireless clients access to the LAN running on my PC ?

I found this link about RealPlayer and port 7070
RealNetworks RealSystem Firewall Support

still reading this

ken_yap · July 7, 2008, 1:19pm

I assume you are talking about combo routers. That depends on the router and has nothing to do with Linux. But if the wireless clients are on the same subnet as the wired clients, then often it’s the case that they are interchangeable, and probably what most people want to happen, for sharing, etc. Whether or not you can arrange for the wireless clients to be on a different subnet with appropriate protections from each other depends on what your router is capable of.

0moriarty0 · July 8, 2008, 12:21pm

So I see when I scratch the surface I open a abyss of information
yes I have a wireless router with a LAN to my PC.I have no wireless card installed.
If I want to share with others then one gives file permissions and network permission.
I was just curious to know if my wireless clients had access via LAN, to my PC, without its firewall running ?
Is it a wrong assumption that all network hareware defaults to secure connection ?
Thanks Ken for your replies , much appreciated.

ken_yap · July 8, 2008, 2:21pm

That depends on the router, but as I said, a lot of routers put the wired and wireless LANs on the same subnet. You can simply turn off the WLAN portion if you are not using it. Normally one would also normally set an access key on the WLAN so that only machines with the key can get on the WLAN. In addition, many routers have MAC filtering to further keep out unauthorised wireless clients.

0moriarty0 · July 9, 2008, 2:16pm

Thanks ken, you have help a lot