# Do I need Iptables?

## Rouslan Nabioullin

My Gentoo netbook does not run any services that can be accessed outside of localhost (echo, discard, chargen, as part of xinetd), except for sshd which I might occasionally enable in order to remotely SSH to the netbook. Would it be a good idea to still use Iptables? Or would it be superfluous?

----------

## NeddySeagoon

Rouslan Nabioullin,

Security is like the layers of an onion. The idea is not so much to keep the undesirables out but to make it clear to them that it's much easier to go and attack someone else.

Only running services that you need is one layer of the security.

IPTables to control things allowed in and out is another. Outbound control may not seem important but if you do get something nasty, it can stop it phoning home.

A hardened install is another layer.

Choose your level of paranoia. Security is also a trade off with ease of use.

----------

## d2_racing

It depends, if you use a cheap router like a WRT54G or something else from Linksys, it does a great job.

----------

## i92guboj

It doesn't do any harm really. ipfilter is implemented as a kernel subsystem so it doesn't even need to load a daemon once the rules are set.

Sometimes some apps can open ports for many reasons, remember that servers are not just apache and dovecot... there's mldonkey or even gkrellm. So, unless you are truly 100% sure that no application that's installed on your box will be opening a port, you should really set a firewall to avoid unexpected surprises.

As said, it all depends on your paranoia level, I guess.

----------
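Added example (not part of any post in this thread): one way to check the point above about applications opening ports unexpectedly is to list TCP sockets in LISTEN state that are bound to a non-loopback address, by parsing `/proc/net/tcp`. The sample table, its port numbers and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress
import os
import struct

LISTEN = "0A"  # TCP_LISTEN state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# echo on 127.0.0.1:7, sshd on 0.0.0.0:22, an unexpected listener on
# 0.0.0.0:19150, and one established SSH connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0007 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:4ACE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0A00A8C0:0016 0200A8C0:C350 01 00000000:00000000 02:000A0000 00000000     0        0 1004
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port).

    The kernel prints the address as a host-order 32-bit integer, so on a
    little-endian machine (assumed here) the bytes must be reversed.
    """
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def exposed_listeners(proc_net_tcp_text):
    """Return sorted (address, port) pairs listening on non-loopback addresses."""
    exposed = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # malformed row, or a socket that is not listening
        addr, port = decode_endpoint(fields[1])
        if not addr.is_loopback:  # 0.0.0.0 means "every interface"
            exposed.append((str(addr), port))
    return sorted(exposed, key=lambda entry: entry[1])


if __name__ == "__main__":
    # Use the live table when available, otherwise the constructed sample.
    path = "/proc/net/tcp"  # IPv4 only; /proc/net/tcp6 uses a different layout
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for addr, port in exposed_listeners(text):
        print(f"reachable from the network: {addr}:{port}")
```

Any port this reports that you did not expect is one that a default-drop inbound rule would have covered.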

