[nflug] firewall
Eric Benoit
ebenoit at hopevale.com
Wed Jan 11 12:43:58 EST 2006
I'm using shorewall for iptables, how does this look for a webserver?
Action         Source   Destination   Protocol   Destination ports
AllowWeb:ULOG  net      $FW           tcp        80,443
For Source ports I put any
Robert Meyer wrote:
> Then don't enable it. General rules for firewalls on the outside world: Don't
> open any port that you don't need to use.
>
> In general, I prefer to have a separate firewall. The firewall would only be
> running IPTABLES and nothing else. This leaves no ports available on the
> firewall itself to exploit so it's harder to compromise it. Then put all of
> your servers behind the firewall. You can then control the allowable ports and
> not have to worry as much about the servers themselves. Note that I'm not
> saying that you *don't* have to worry; you just have to worry less.
>
> Cheers!
>
> Bob
>
> --- Eric Benoit <ebenoit at hopevale.com> wrote:
>
>
>>I'm setting up a firewall on a webserver, but I am not sure if I need to
>>allow udp 53 and or tcp 53. This server will not be a DNS server.
>>
>>thanks
>>_______________________________________________
>>nflug mailing list
>>nflug at nflug.org
>>http://www.nflug.org/mailman/listinfo/nflug
>>