Firewalls - what's your ruleset look like?

  #1  
Old 03-02-2003, 03:28 AM
bkiesz bkiesz is offline
Junior Guru Wannabe
 
Join Date: Jan 2001
Posts: 83

We are in the process of possibly re-vamping some of our firewall settings and would like to know what other datacenters are using for rulesets.

So if you could, post your inbound and outbound ruleset. If you do something that you feel is non-standard, explain your reasons for doing so.

I think this would benefit the group.

Also, let us know what you use for a firewall... an appliance (Netscreen, Fortigate, PIX, etc.) or IPTables/IPChains, etc.


Barry

  #2  
Old 03-02-2003, 03:00 PM
sprintserve sprintserve is offline
Retired Moderator
 
Join Date: Jan 2003
Posts: 9,000
In general, the basic is deny everything, and only allow when needed.

__________________
••• 100% Customer Satisfaction!!! •••
••• http://www.sprintserve.net •••
••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | •••
••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  #3  
Old 03-02-2003, 03:15 PM
iamdotca iamdotca is offline
Junior Guru Wannabe
 
Join Date: Feb 2003
Location: A van down by the river
Posts: 70
Smoothwall is a great OSS firewall. Can be found at smoothwall.org. For the more daring, you can find a good IPTables ruleset at http://www.sekure.us/downloads.html (shameless plug)

  #4  
Old 03-02-2003, 07:29 PM
rfxn rfxn is offline
Junior Guru
 
Join Date: Apr 2002
Location: Canada
Posts: 239
http://www.r-fx.net/downloads/fw.tar.gz

I custom developed my own firewall system complete with an antidos script to detect high-bandwidth UDP, DoS/DDoS attacks.

Most firewall scripts available for Linux deploy a firewall setup that uses a main set of policies to cover all IP's on a server. This is good and all but can be very lacking when you have 10 or 20 IP's on a system. My firewall is designed to encompass many IP's individually with their own policies and rulesets. But nonetheless it also has global options to open certain ports on all IP's [e.g: 80].

As well, my firewall is also set up to define an array of TOS and FWMARK values when the firewall loads, to better handle traffic priority on the system.

Albeit, if you download it, the documentation is slim; however, to the experienced Linux admin it should be relatively easy to set up and deploy with what little documentation is there [configuration files are somewhat more documented than the actual README files].

This firewall is an IPTables [netfilter] system for use on single hosts or gateway hosts.

__________________
'Make no mistake, the odds are not in your favor -- you have to patch every hole,
but an attacker need find only one to get into your environment.'

R-fx Networks - Linux Software & Blog | http://www.rfxn.com


  #5  
Old 03-03-2003, 12:34 AM
bkiesz bkiesz is offline
Junior Guru Wannabe
 
Join Date: Jan 2001
Posts: 83
Good responses so far... What I'm looking for is something like this.

The ports open on our INPUT chain:

FTP, SSH, SMTP, DNS, HTTP, POP3, IMAP, HTTPS, 19638 (ensim), 10000 (webmin)

Ports open on the OUTPUT chain:

FTP, SSH, SMTP, WHOIS, DNS, HTTP, HTTPS


Barry

__________________
VisionHosting.net
Dedicated, Reseller, and Shared Hosting
http://www.visionhosting.net/
barry@visionhosting.net
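
Added example, not part of the thread and not any poster's own ruleset: a script that turns the INPUT and OUTPUT service lists from post #5 into a default-deny ruleset in `iptables-restore` format, following the "deny everything, allow when needed" approach from post #2. The port numbers for the named services are the standard assignments and are an assumption here, as are the function and variable names.

```shell
# Default-deny ruleset in iptables-restore format, built from the service lists
# in post #5. Port numbers are the standard assignments (an assumption here).
IN_SERVICES="ftp ssh smtp dns http pop3 imap https ensim webmin"
OUT_SERVICES="ftp ssh smtp whois dns http https"

# Map a service name to "proto/port" pairs; fail on names not in the table.
ports_for() {
    case "$1" in
        ftp)    echo "tcp/21" ;;
        ssh)    echo "tcp/22" ;;
        smtp)   echo "tcp/25" ;;
        whois)  echo "tcp/43" ;;
        dns)    echo "udp/53 tcp/53" ;;
        http)   echo "tcp/80" ;;
        pop3)   echo "tcp/110" ;;
        imap)   echo "tcp/143" ;;
        https)  echo "tcp/443" ;;
        webmin) echo "tcp/10000" ;;
        ensim)  echo "tcp/19638" ;;
        *)      echo "unknown service: $1" >&2; return 1 ;;
    esac
}

# Emit one ACCEPT rule per proto/port for new connections on a chain.
allow_rules() {   # $1 = chain, $2 = space-separated service names
    for svc in $2; do
        pairs=$(ports_for "$svc") || return 1
        for pp in $pairs; do
            echo "-A $1 -p ${pp%/*} --dport ${pp#*/} -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
}

build_ruleset() {
    echo "*filter"
    # Default policy: drop anything no rule below accepts.
    printf ':%s DROP [0:0]\n' INPUT FORWARD OUTPUT
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Packets of connections already admitted by a NEW rule, in both directions.
    for c in INPUT OUTPUT; do
        echo "-A $c -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    allow_rules INPUT "$IN_SERVICES" || return 1
    allow_rules OUTPUT "$OUT_SERVICES" || return 1
    echo "COMMIT"
}

build_ruleset
```

Check the output with `iptables-restore --test` before loading it. FTP data connections need the FTP conntrack helper or an explicit passive port range in addition to port 21.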
