Re: Firewall Setups
Originally Posted by
goodvikings
Hey everyone
I have a webserver I want to set up a firewall on. At this stage, it seems like I'll end up going with ufw, but lets have a bit of an explanation first...
The end goal is to have SSH and HTTPS only accessible from predefined IP addresses which should be simple enough for any firewall. However there is a trickier goal I'd like
I want to be able to have something that actively monitors the apache2 logs and if it sees a certain number of 404's from a given source ip, to add a rule to the firewall blocking that IP for all ports. I hear fail2ban might be suitable, but I don't know much about it, ie how active it is among other things.
The method of detection doesn't have to be monitoring logs, that just seems like a basic way of doing it.
Suggestions?
Cheers
Ramo
Well UFW/GUFW, Firestarter etc etc are not firewalls themselves, they are merely Interfaces to interact with the Linux Built in Firewall which is in the kernel called IPTables/Netfilter.
I would look at IPTables directly from the command line if i was you it is much more powerful.
Also remember if you are behind a router then there will be a firewall function on that
Backtrack - Giving machine guns to monkeys since 2006
Kali-Linux - Adding a grenade launcher to the machine guns since 2013
Bookmarks