[nflug] firewall

Eric Benoit ebenoit at hopevale.com
Thu Jan 12 08:48:47 EST 2006


I'm thinking maybe just configuring iptables instead of shorewall might 
be easier, but oh well, I just want this to be done and cannot find any 
good documentation on it ... does anyone know of a website that delves into 
iptables ... just port stuff, I don't care about the other stuff ... like 
Rob said, I just want to worry a little bit :)

Eric Benoit wrote:
> I'm using shorewall for iptables, how does this look for a webserver?
> 
> Action          Source     Destination     Protocol    Destination ports
> AllowWeb:ULOG   net        $FW             tcp         80,443
> 
> for Source ports I put any
> 
> Robert Meyer wrote:
> 
>> Then don't enable it.  General rules for firewalls on the outside
>> world: Don't open any port that you don't need to use.
>>
>> In general, I prefer to have a separate firewall.  The firewall would
>> only be running IPTABLES and nothing else.  This leaves no ports
>> available on the firewall itself to exploit so it's harder to
>> compromise it.  Then put all of your servers behind the firewall.  You
>> can then control the allowable ports and not have to worry as much
>> about the servers themselves.  Note that I'm not saying that you
>> *don't* have to worry; you just have to worry less.
>>
>> Cheers!
>>
>> Bob
>>
>> --- Eric Benoit <ebenoit at hopevale.com> wrote:
>>
>>
>>> I'm setting up a firewall on a webserver, but I am not sure if I need 
>>> to allow udp 53 and or tcp 53.  This server will not be a DNS server.
>>>
>>> thanks
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
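
A plain-iptables counterpart to the Shorewall rule quoted in this thread, added here as an example and not part of the original messages: it prints an iptables-restore ruleset that drops inbound traffic by default and admits only the listed web ports. The function names `web_ruleset` and `valid_port` are hypothetical, and an IPv4-only host that is not a router is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# host that only serves web traffic; nothing is applied to the running kernel.
# Dry-run check (needs root): web_ruleset 80 443 | iptables-restore --test

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# web_ruleset PORT...: print the ruleset, or fail (status 2) on a bad port.
web_ruleset() {
    [ "$#" -gt 0 ] || { echo "usage: web_ruleset PORT..." >&2; return 2; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 2; }
    done
    ports=$(IFS=,; echo "$*")   # join the arguments as 80,443
    cat <<EOF
*filter
# Default-deny inbound: a port that is not listed below is not reachable.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this host started (including its own outbound DNS
# lookups) match here, so a non-DNS server needs no inbound port 53 rule.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new inbound connections accepted: the web ports from the thread.
-A INPUT -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Same ports as the quoted Shorewall rule (tcp 80,443).
web_ruleset 80 443
```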


