Results 1 to 4 of 4

Thread: Opinions on need for firewall

  1. #1
    Join Date
    Apr 2008
    Beans
    1

    Opinions on need for firewall

    Hi,

    I have a virtual server hosted at my ISP with Gutsy running and I have installed a web server and access the server using ssh.

    The only ports that are shown to be active when using nmap are 80 and 22.

    At the moment I don't intend to activate any other ports, so my question is would adding a firewall, or activating IPTables, be redundant or not?

    Thanks.
    Chris

    Disclaimer : Yes I am a noob.

  2. #2

    Re: Opinions on need for firewall

    I guess it would be useful if you want to restrict who can try ssh logins. Plus, having something like shorewall set up your iptables rules makes things dead simple, so why not?
    Also, see the forum sticky which has some opinions on this http://ubuntuforums.org/showthread.php?t=765421

  3. #3
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: Opinions on need for firewall

    Quote Originally Posted by chrisbrat View Post
    Hi,

    I have a virtual server hosted at my ISP with Gutsy running and I have installed a web server and access the server using ssh.

    The only ports that are shown to be active when using nmap are 80 and 22.

    At the moment I don't intend to activate any other ports, so my question is would adding a firewall, or activating IPTables, be redundant or not?

    Thanks.
    Chris

    Disclaimer : Yes I am a noob.

    Using a firewall seems pointless to me. If you feel it necessary to restrict access via ssh it can be done with /etc/hosts.allow. For example, if you only ever login to the server from one location the lines

    Code:
    sshd: 158.152.1.59: ALLOW
    sshd: ALL: DENY
    in /etc/hosts.allow are sufficient to deny ssh access from anywhere but 158.152.1.59.

    If required, you could do something similar for the web server or use its configuration file.
    Brian.

  4. #4
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Opinions on need for firewall

    well, if you want to operate a server then a firewall should not block that, right? So no point for a firewall...

    I'd rather use something like hostsdeny that will update the hosts.deny file dynamically if there are too many login attempts from one IP in too short time frame.

    With the setup as above you will always require that one IP address to actually ssh into the server. So if the IP addresses changes, you can't ssh in any longer.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •