
Raqport.com
dutchie 02-03-2002, 05:41 AM
In my search to find the ultimate Firewall solution (should I install Ipchains or portsentry, any other firewalls available?), I found raqport.com.
They claim to totally secure your raq for $210 (wonder if they give discounts for several servers?).
They also sell raqs, and offer dedicated servers.
Does anyone have any experience with them or know anything about them ?
shortfork 02-04-2002, 01:12 AM
In the interest of saving what is left of the little letters on my keyboard :D I'll just say that there are likely some good directives here, but if you go to http://forum.rackshack.net/ and do a search for shortfork ipchains
You'll find one of the links that comes up has an instruction sheet that I wrote up for someone that even an idiot like me could follow. It was actually a compilation of several instructions that were given to me as well as a chains rules file that would invoke ipchains and NOT lock you out in the process...
I'd say that $205. figure is probably high but it does take maybe an hour of your time if you are even slightly familiar with shell.. so.. it's up to whether or not you can afford or want to spend that kind of money or if you want to do it yourself and learn/save in the process.
Shortfork
dutchie 02-04-2002, 11:44 AM
Well, I love to learn, but not if I bring the server down in the process.
I decided to give it a try.
I found the instructions, and if the moderator (and author!) approves, I will even publish them here, since there are a lot of questions about them in the archives but only few answers.
I also found directions to install logcheck/portsentry, but that would be a rather long post :)
cyrusTvirus 04-11-2002, 05:37 AM
Please post your info!
Robbert
dutchie 04-11-2002, 07:47 AM
I used to install ipchains by hand following the guidelines from Shortfork. And although that seems to work fine on 2 of my raqs (both raq 3), I use pmfirewall now for two raq4's.
Funny enough, pmfirewall (with these directions) is not working on the raq3's at Tera-byte (I guess a DNS issue).
Let's assume you want to install Pmfirewall (which is actually the same as Ipchains):
5.1 Installing PMFirewall
Go to the directory where you downloaded the latest version of pmfirewall.
mv pmfirewall* /tmp
cd /tmp
tar -zxvf pmfirewall*
cd pmfirewall-1.1.4 (or whatever the release you download is)
sh install.sh
You will now be prompted for your system configuration. Normally the
defaults are sufficient, but be sure they are correct!
Directory to place config files [/usr/local/pmfirewall]: <hit enter>
What is your External Interface? <hit enter>
Are there any IP ranges which require unrestricted access? (y/N): <hit enter>
Are there any IP ranges which should be blocked completely? (y/N): <hit enter>
Is your IP address assigned via DHCP? (y/N): <hit enter>
Are you running a FTP Server on ports: 20/21 (y/N): <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running a SSH Server on port: 22 (y/N): <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running a Telnet Server on port: 23 (y/N): <hit enter>
Are you running a SMTP Server on port: 25 (y/N) <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running a DNS Server on port: 53 (y/N): <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running a Finger Server on port: 79 (y/N): <hit enter>
Are you running a Web Server on port: 80 (y/N): <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running a POP Server on port: 110 (y/N): <enter y>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Allow IDENT connections on port: 113 (y/N): <hit enter>
Are you running a NNTP Server port: 119 (y/N): <hit enter>
Are you using NTP, it requires port: 123 (y/N): <enter enter>
Do you wish to open NetBIOS/SAMBA ports 137-139 (not recommended)? (y/N): <hit enter>
Are you running an IMAP Server on port: 143 (y/N): <hit enter> [Unless you are running IMAP]
Are you running a SSL Web Server on port: 443 (y/N): <enter y> [you should be using at least a self-signed-cert]
Enter the IP Range or press ENTER for any IP address: <hit enter>
Are you running Routed (RIP) on port: 520 (y/N) <hit enter>
Do you wish to open NFS port 2049 (not recommended)? (y/N): <hit enter>
Do you wish to open X-Server ports 5999-6003 (not recommended)? (y/N): <hit enter>
Are there any other ports you wish to open to the outside? (y/N): <enter y>
Port number: <enter 873>
tcp, udp or both: <tcp>
Enter the IP Range or press ENTER for any IP address: <enter 1.2.3.4/24> [enter the subnet to have access]
Do you wish to add others? (y/N): <enter y>
Port number: <enter 81>
tcp, udp or both: enter <tcp>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Do you wish to add others? (y/N): <enter y>
Port number: <enter 444>
tcp, udp or both: enter <tcp>
Enter the IP Range or press ENTER for any IP address: <hit enter>
Do you wish to add others? (y/N): <hit enter>
Start PMFirewall on bootup? (Y/n): <hit enter>
Do you want pmfirewall to autodetect your IP address? (Y/n) <hit enter>
Will this box Masquerade connections for other PC's (y/N): <hit enter>
look at /usr/local/pmfirewall/pmfirewall.rules.local to see the configured rules
If the rules look OK
You need ports 20,21,22,25,80,81,110,443,444 minimum for
ftp,pop,ssh,smtp,httpd,ahttpd,ssl,ahttpd
For convenience sake, type:
cp /usr/local/pmfirewall/pmfirewall /usr/bin
This will allow you to type pmfirewall stop:start:restart from anywhere.
5.2 Running PMFirewall
Okay, let's start the script up by typing:
pmfirewall start
I hope it's readable this way.
When I first used this I could not access my control panel, so I added:
./ipchains -A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l
Which solved it.
I suggest you first try without it.
Disclaimer:
I did not write these directions, they seem quite safe if you keep thinking for yourself while following them, but of course all at your own risk.
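
A pre-flight check for the procedure in the post above, as an added example that is not part of the original thread or of PMFirewall: it compares the TCP services actually listening with the minimum port list from the post, so a service that would be cut off (as the control panel on port 81 was) shows up before `pmfirewall start`. The function names, the netstat sample and the assumption that the firewall denies every port not explicitly opened are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare listening TCP services with the ports the firewall
# will open, before running "pmfirewall start". All names are hypothetical.
# Minimum port list quoted in the post above.
ALLOWED="20 21 22 25 80 81 110 443 444"
# Port 20 is the source port of active-mode FTP data, never a listener.
NO_LISTENER_OK="20"

# Constructed sample of `netstat -tln` output (not taken from a real server).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:21       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:81       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:110      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN
EOF
}

# Print the unique TCP ports listening on non-loopback IPv4/any addresses.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 !~ /^127\./ {
             n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# preflight "<allowed ports>": reads netstat text on stdin and reports
#   BLOCKED <port>  a service listens there but the port is not in the list
#   UNUSED <port>   the port is in the list but nothing is listening on it
preflight() {
    allowed=$1
    listeners=$(listening_ports | tr '\n' ' ')
    for p in $listeners; do
        case " $allowed " in *" $p "*) ;; *) echo "BLOCKED $p" ;; esac
    done
    for p in $allowed; do
        case " $NO_LISTENER_OK " in *" $p "*) continue ;; esac
        case " $listeners " in *" $p "*) ;; *) echo "UNUSED $p" ;; esac
    done
    return 0
}

sample_netstat | preflight "$ALLOWED"
```

On a live server the same check is `netstat -tln | preflight "$ALLOWED"`; a `BLOCKED 22` line means the SSH session would be lost once the firewall starts.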
cyrusTvirus 04-11-2002, 08:06 AM
Quality!!! Thanks, I think a lot of ppl are helped with this.
Actually we should set up some sort of knowledge base where such info can be posted...So the knowledge can be used by all newbies in the business....
Moderators ??? What do you think ?
Originally posted by dutchie
found raqport.com.
Does anyone have any experience with them or know anything about them ?
You may want to read this Warning about RaqPort and then proceed with caution in dealing with them. :eek:
http://www.rackisp.com/cobalt/raqport.html
My 2 Cents
grb123 06-23-2002, 06:49 AM
Excellent stuff Dutchie! Thanks!
All worked first time - I had the same issue with the control panel and added your line and all's well!
bambenek 06-23-2002, 12:18 PM
You could always just not run a bunch of services, which makes the firewall a moot issue...
COBALT4YOU 06-29-2002, 11:21 AM
Security activity should not be ignored by the ISP.
The Internet is not a secure environment. Every ISP can confidently expect to be the target of various attacks intended to gain access to the network and server platforms, as well as to be a victim of attacks intended to disrupt the services provided. The ISP also can expect such attacks to be launched against its clients, and possibly, be the victim of the attacks launched by a client. Good security is an outcome of an effective planning process. The process should identify the risks and generate a security policy, which states achievable objectives for the organization.
Careful attention to security will create a robust and relatively secure service environment that translates into a valuable business asset for the ISP.
Integrity of the service. The ISP has to protect the integrity of the network service and must be able to make the operation of the network relatively secure.
Client security. The ISP is expected to assist clients to secure their operation from security incidents.
Incident response. When security incidents occur there is the expectation that the ISP will assist clients and peer ISP's in the tracing of such incidents to their source.
Legal obligations. Underpinning this is the ISP's legal and regulatory obligations, which may include the requirement to report criminal activity and cooperate with law-enforcement agencies in the investigation of such incidents.
Responding to Incidents. Timely and efficient response is necessary to ensure that critical assets are not compromised, that the systems are not used as a springboard for further intrusion into other systems with the network or within client networks, that essential data is not corrupted, and that confidence in the integrity of the operation of the ISP is not compromised.
COBALT4YOU 06-29-2002, 11:29 AM
This is what we offer:
When establishing an Intrusion Detection System Process, a defense in depth process concentrating on software, networks, and hardware is the key to success as SANS claims. Our approach to that follows these lines and creates several layers of protection.
In short this includes the following software packages (detailed description further down):
—> Installation of all missing patches
—> Improved configuration files
—> Installation of OpenSSH 3.1
—> Installation of our custom built Firewall
—> Installation of Portsentry in "Honeypot"-mode
—> Installation of LCAP to prevent loading of kernel modules
—> Installation of Logwatch
—> Installation of FCheck (similar to Tripwire)
—> Installation of automated CHKROOTKIT