[nflug] firewall

Robert Meyer meyer_rm at yahoo.com
Wed Jan 11 12:01:43 EST 2006


Then don't enable it.  General rules for firewalls on the outside world: Don't
open any port that you don't need to use.

In general, I prefer to have a separate firewall.  The firewall would only be
running IPTABLES and nothing else.  This leaves no ports available on the
firewall itself to exploit so it's harder to compromise it.  Then put all of
your servers behind the firewall.  You can then control the allowable ports and
not have to worry as much about the servers themselves.  Note that I'm not
saying that you *don't* have to worry; you just have to worry less.

Cheers!

Bob

--- Eric Benoit <ebenoit at hopevale.com> wrote:

> I'm setting up a firewall on a webserver, but I am not sure if I need to 
> allow udp 53 and/or tcp 53.  This server will not be a DNS server.
> 
> thanks
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
> 
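
The advice in this thread as an added example, not part of either poster's message: a constructed iptables-restore ruleset for a web server that is not a DNS server, plus a check that lists which inbound ports a ruleset actually opens. Ports 80 and 443 and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed ruleset (assumed ports: 80 and 443). There is no rule for
# udp/53 or tcp/53: the server's own outbound lookups leave via the OUTPUT
# policy and their replies match the ESTABLISHED,RELATED rule.
web_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save / iptables-restore text on stdin and print every
# destination port the INPUT chain accepts, one proto/port per line.
open_inbound_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && port != "") print proto "/" port
    }'
}

# Print accepted ports that are NOT in the allowlist passed as arguments.
unneeded_ports() {
    open_inbound_ports | while read -r p; do
        case " $* " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Show what the constructed ruleset exposes to the outside world.
web_ruleset | open_inbound_ports
```

To audit a live host, pipe the output of `iptables-save` into `unneeded_ports` with the ports the server is meant to offer as arguments.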

