# I didn't set up iptables for a week after install, am I safe?

## floattt

I know I'm going to come off as a total noob, but I forgot to set up my iptables rules for a week after install. OUTPUT, INPUT and FORWARD were set to ACCEPT during this time. Is my computer still safe? I'm behind a router so I'm assuming yes, but I want to make sure. Sorry for my ignorance.

----------

## Keruskerfuerst

If you are a home user, you should use a hardware firewall (200€+).

Just open those ports, which are used by your programs.

----------

## jonathan183

It depends on how your router is configured and if you have any services listening to ports.

When I have had routers provided by an ISP they usually come configured to allow all outgoing connections, and reject or drop all incoming ports which are not associated with an outgoing connection. This would be good enough for most home use cases - provided the host you set up was not in a DMZ.

If you are still concerned then back up the /etc tree and do a fresh install, and only copy back config files you need one at a time. Taking a copy of /var/lib/portage/world will give you a list of things you have installed. A copy of .bash_history will help you run through the same commands as you did with the previous install ;)

----------

## NeddySeagoon

floattt,

Depending on how you set up your system, you may not need a firewall at all.

Firewalls are good for two things,

a) they stop nasty stuff from getting in

b) they stop nasty stuff that has got in from phoning home.

You can achieve a) by not running anything that listens to the internet.  Gentoo does not start any services for you.  You need to add them to a runlevel or start them yourself.

Most home firewalls are capable of b) but it's a pain to set up, so it's turned off.

What ports does your router forward to your PC?

A firewall will not stop nasties that you invite in, e.g. by browsing iffy websites.
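To check point a) above on a given machine, the following is an added example, not part of any post in this thread: it parses the kernel's `/proc/net/tcp` table and reports which listening sockets are bound beyond loopback. It assumes IPv4 TCP only and a little-endian host (x86/ARM); the sample table is constructed and is used only when `/proc/net/tcp` is absent.

```python
import ipaddress
import os

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0A01A8C0:D431 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1
"""

def decode_addr(field):
    """'0100007F:0277' -> (IPv4Address('127.0.0.1'), 631). Assumes little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])  # undo byte order
    return ip, int(hex_port, 16)

def listeners(table):
    """Return (ip, port, reachable_beyond_loopback) for each LISTEN socket."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established and other states are not listeners
        ip, port = decode_addr(cols[1])
        found.append((str(ip), port, not ip.is_loopback))
    return sorted(found, key=lambda row: row[1])

def exposed_ports(table):
    """Ports a remote host could reach if no firewall or NAT sits in front."""
    return [port for _, port, exposed in listeners(table) if exposed]

if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for ip, port, exposed in listeners(table):
        print(f"{ip}:{port:<6} {'EXPOSED' if exposed else 'loopback only'}")
```

An empty result from `exposed_ports` means nothing on the box accepts IPv4 TCP connections from the network; UDP and IPv6 sockets live in separate `/proc/net` tables and need the same check.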

----------

## Buffoon

None of my boxes behind NAT have firewall.

----------

## NeddySeagoon

Buffoon,

I have a fairly paranoid firewall running in a KVN that covers my whole network.

It's paranoid because it used to protect Windows boxes too.

----------

