Basic Security
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
A Microsoft buddy of mine once wore a shirt with that phrase at TechEd. Nearly got fired for it. Alas, those who bear witness for the truth must also bear the consequences...
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
Is the computer behind a NAT router or gateway? Please describe your network architecture a bit more. You might even draw a quick diagram, label the interface IP addresses, and post a photo of it.
-
Well, it is a laptop, being dragged from a NAT network to an enterprise-class network infrastructure (school).
I need to run a web server for testing purposes that SHOULD not be available to other systems on the network.
This is my setup at home:
The Kubuntu laptop is the Samsung at the left.
Router to internet is a NAT router from our ISP.
Networks are:
left side of Astaro (my systems): 192.168.123.0/24
right side (other stuff): 192.168.2.0/24
But as I said, I also drag it to school, where we use 10.0.0.0/?, or family (192.168.1.0/24, 192.168.2.0/24, 172.16.1.0/24).
I get around a lot of different networks (NAT networks, enterprise-class networks, or just some non-internet-connected testing networks).
I just don't want other people to see what I am doing on that local web server, since it's none of their business.
I do some web development for myself, and I am just experimenting with coding (HTML, PHP, CSS and their powers). It's just a little bit of privacy I want.
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
Thanks for the illustrations, that helps a lot.
My suggestion would be to bind all your services only to localhost (127.0.0.1 for IPv4, ::1 for IPv6). This eliminates the need to configure iptables. It's the approach I've taken for services that run on my server but shouldn't be visible outside the box itself (PostgreSQL, SpamAssassin, ClamAV, OpenDKIM).
Alternately, you could leave the services at their defaults (that is, bound to the real NIC) and then create iptables rules to block inbound traffic from everything except localhost.
Last edited by SteveRiley; Mar 22, 2013, 12:57 PM.
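One way to verify the localhost-binding approach suggested above, as an added example that is not part of the original thread: parse `ss -H -tln` output and list every TCP listener that is not bound to a loopback address. The sample output and all function names are constructed for illustration; note that services left on the real NIC and filtered with iptables will still be listed here, because this checks bind addresses, not firewall rules.

```python
import ipaddress
import subprocess

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE = """\
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::]:22 [::]:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' field into (address, port)."""
    host, _, port = field.rpartition(":")
    # Drop an interface scope such as %lo, then the IPv6 brackets.
    host = host.split("%", 1)[0].strip("[]")
    return host, int(port)          # numeric port assumed (ss run with -n)

def is_loopback(host):
    """True only for addresses inside 127.0.0.0/8 or ::1."""
    if host == "*":                 # ss prints * for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output):
    """Return sorted (address, port) pairs that are not loopback-only."""
    exposed = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                # skips a header row and blank lines
        host, port = split_local(cols[3])
        if not is_loopback(host):
            exposed.add((host, port))
    return sorted(exposed)

def live_listeners():
    """Check this machine (assumes iproute2's ss is installed)."""
    out = subprocess.run(["ss", "-H", "-tln"],
                         capture_output=True, text=True, check=True)
    return exposed_listeners(out.stdout)

if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE):
        print(f"not loopback-only: {host}:{port}")
```

An empty result from `live_listeners()` means every listening TCP socket is bound to 127.0.0.0/8 or ::1.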