Web Hosting Talk

Firewall


ContemptX
11-11-2003, 07:09 AM
What firewall would you suggest for a dedicated server running Ensim for hosting?

dynamicnet
11-11-2003, 07:52 AM
Greetings:

One that you are comfortable managing given that you just don't put it up and forget about it <smile>.

Check out the following:

http://www.bastille-linux.org/
http://firehol.sourceforge.net/
http://www.r-fx.net/apf.php
http://www.geocities.com/steve93138/
http://www.fwbuilder.org/

Also, security should be in layers and a way of life.

For Red Hat Linux:

* Disable telnet.
* Limit SSH access to specific IP addresses.
* Disable direct root login.
* Remove unnecessary packages / software.
* Harden the kernel against synflood and basic DoS attacks.
* Remove common user access to compilers and fetching software (wget, fetch, lynx, etc.).
* Ensure /tmp is in its own partition with noexec, nosuid.
* Ensure kernel and software is up to date.
* Remove unnecessary users and groups.
* Install chkrootkit, logwatch, tripwire.
* Install a firewall, and port scan detector.
* For Apache servers, install mod_security and configure for use with FrontPage, PHPMyAdmin, Site Studio, and other H-Sphere applications.
* Secure DNS servers.

Thank you.

ContemptX
11-11-2003, 12:11 PM
Damn, this is going to be a task. A lot to do with little knowledge; looks like it's head stuck in books for about a month.

BizJohn
11-11-2003, 11:58 PM
If you want to run a firewall on your dedicated server, the firewall you will use will be decided by the operating system you are using. For Linux, you probably want iptables.

Learning a firewall remotely is not the best way to do it, unless you have good support who can get your server back up after you put up a wrong rule by mistake. And it will happen. If you can, practice with your local box before configuring your dedicated server's firewall.

If you're talking about a firewall in front of your dedicated server, that is another story.

BizJohn
11-12-2003, 12:04 AM
Oops, hit post button twice..

linux-tech
11-12-2003, 08:21 PM
I highly recommend APF, which is a frontend for iptables. It is very selective as to what it allows and what it doesn't, and does a pretty good job of filtering out worms/etc. (or tries to ;))

As well as the above suggestions, here are a few helpful hints for firewall stuff.

In /etc/hosts.deny, at the top (first rule), add:
ALL: PARANOID

This will make a valid attempt at denying spoofed IPs and whatnot.

In /etc/sysctl.conf:

# disable packet forwarding
net.ipv4.ip_forward = 0
# enable source route verification
net.ipv4.conf.all.rp_filter = 1
# ignore broadcast pings
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable syn cookies
net.ipv4.tcp_syncookies = 1
# size of syn backlog
net.ipv4.tcp_max_syn_backlog = 512
# disable automatic defragmentation (needed for masquerading, LVS)
#net.ipv4.ip_always_defrag = 0
# set max files
fs.file-max = 32768
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring ping request
net.ipv4.icmp_echo_ignore_all = 1


In /etc/rc.local:

# ICMP redirects: left commented out here, uncomment to drop them on every interface
#for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
#    echo 0 > "$f"
#done
# reverse-path filtering on every interface (source address verification)
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
# SYN cookies against SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# refuse source-routed packets on every interface
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


That's a pretty strong firewall; granted, it's not perfect, but combine those with APF and you should be very close to it ;)

HTH
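
A small audit script for the /etc/sysctl.conf values quoted in this post, added here as an example and not part of the thread or of APF. It parses a sysctl.conf-style file, reports keys that are missing or set to a value other than the one recommended above, and also flags keys assigned more than once (as rp_filter and tcp_syncookies are in the post), since with sysctl -p the last assignment is the one that takes effect. The function name audit_sysctl is my own.

```shell
#!/bin/sh
# Audit a sysctl.conf-style file against the hardening values quoted above.
# Prints one line per finding (MISSING / WRONG / DUPLICATE) and returns the
# number of findings, so 0 means the file matches. Hypothetical helper, not
# from the thread; the expected values are the ones given in the post.
audit_sysctl() {
    awk '
    BEGIN {
        want["net.ipv4.ip_forward"]                  = "0"
        want["net.ipv4.conf.all.rp_filter"]          = "1"
        want["net.ipv4.icmp_echo_ignore_broadcasts"] = "1"
        want["net.ipv4.tcp_syncookies"]              = "1"
        want["net.ipv4.tcp_max_syn_backlog"]         = "512"
        want["net.ipv4.icmp_echo_ignore_all"]        = "1"
        want["fs.file-max"]                          = "32768"
    }
    /^[ \t]*$/ { next }                 # blank line
    /^[ \t]*#/ { next }                 # comment line
    {
        line = $0
        sub(/#.*/, "", line)            # strip a trailing comment
        eq = index(line, "=")
        if (eq == 0) next               # not a key = value line
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        seen[key]++
        got[key] = val                  # last assignment wins, as with sysctl -p
    }
    END {
        n = 0
        for (k in want) {
            if (!(k in got))            { print "MISSING   " k " (want " want[k] ")"; n++ }
            else if (got[k] != want[k]) { print "WRONG     " k "=" got[k] " (want " want[k] ")"; n++ }
        }
        for (k in seen)
            if (seen[k] > 1)            { print "DUPLICATE " k " (" seen[k] " times)"; n++ }
        exit n
    }' "$1"
}

# Run directly: sh audit_sysctl.sh /etc/sysctl.conf
if [ -n "${1:-}" ]; then
    audit_sysctl "$1"
fi
```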

Mdot
11-12-2003, 08:42 PM
I was always curious: why would one want to ignore ICMP? Any reasonable statement on this?

regards,

peethernet
11-12-2003, 09:54 PM
Curious, in the above, why are these lines the same:
# enable source route verification
net.ipv4.conf.all.rp_filter = 1

# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1

linux-tech
11-12-2003, 10:37 PM
More than likely just a duplicate entry in the file itself.