
7. Security

The connection might be slower, but you should still be careful with it.

7.1 Firewall

The Linux kernel has an excellent firewall called netfilter; the user-space tool to control it is called iptables. Assuming your dial-in GPRS connection is ppp0, these firewall rules should keep you safe:

iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i ppp0 -j DROP

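This should be enough for normal surfing and emailing. If some specific application needs an open port, add a line between those two, like this (-I INPUT 2 inserts at position 2, which lies between them when they are the only rules in the INPUT chain):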

iptables -I INPUT 2 -i ppp0 -p tcp --dport 80 -j ACCEPT

In this case I assumed you wanted port 80 open on your box.

In all these lines, replace ppp0 with the name of your dial-in interface. ppp0 is common, but it might be different in your situation.

Most GPRS operators use a pay-per-byte method. In other words: they charge you for the amount of data you use, not for the time it takes to receive it. Because of this you might also want to block some outgoing traffic.

See the iptables tutorial for more information.
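
The inbound rules above combined with the outgoing filter this section suggests, as an added example that is not part of the original HOWTO. The list of allowed outbound ports (DNS, web, mail) is an assumption to adjust; the function only prints the commands, and it appends them in a fixed order so it does not depend on rule positions.

```shell
#!/bin/sh
# Added example: prints an iptables rule set for a pay-per-byte dial-in link.
# Nothing is applied until the output is piped to a root shell.

# Assumption: outbound TCP ports needed for "normal surfing and emailing".
OUT_TCP="80 443 25 110 143"

# Accept only plain decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gprs_rules IFACE [INBOUND_TCP_PORT...]
gprs_rules() {
    iface=$1
    shift
    # The output is meant to be executed by a shell, so reject anything
    # that is not a plain interface name or port before printing a rule.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done

    # Inbound: replies first, then the requested open ports, DROP last.
    echo "iptables -A INPUT -i $iface -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables -A INPUT -i $iface -j DROP"

    # Outbound: running connections, DNS, the allowed ports, DROP the rest
    # so stray background traffic is not billed.
    echo "iptables -A OUTPUT -o $iface -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A OUTPUT -o $iface -p udp --dport 53 -j ACCEPT"
    for p in $OUT_TCP; do
        echo "iptables -A OUTPUT -o $iface -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables -A OUTPUT -o $iface -j DROP"
}
```

Review the printed rules first, then run gprs_rules ppp0 80 | sh as root to apply them.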

7.2 Other security measures

A firewall gives you basic protection, but to be really safe there is much more to do: not running unnecessary services and not logging in as root, for example. Since this subject is a HOWTO in itself, I won't cover it here. The Linux Security HOWTO gives you more information.

7.3 Bluetooth

Since Bluetooth is a wireless technology, it needs its own security measures. Things like setting a good PIN code are just the basics. Also consider setting your phone to invisible. With this setting devices can still connect to each other, but they need to know the address already because they won't show up in scans. You should also consider the following settings in your /etc/bluetooth/hcid.conf after you have got everything working:

This should not affect how devices work, but just add some extra security to your setup.

