Results 1 to 8 of 8
  1. #1
    Join Date
    Mar 2004

    blocking an ip and firewalls

    i am looking at dedicated servers and i noticed that to get a hardware firewall is quite expensive.

    If i needed to block an ip or range of ip is the only way to do it with the firewall?

    for those on a low budget how well do software based firewalls work?

  2. #2
    Join Date
    Aug 2003
    You could always use iptables which can be built into the Linux kernel.. however, the more rules ('filters') you have set, the more overhead there is -- each packet is compared against the rules.

  3. #3

    A lot of the customers we manage use software-based firewalls (typically iptables managed by Bastille for Linux with extensions we add) with great success.

    We've found that on today's hardware (real Pentium's; I cannot speak for Celeron's), you can easily have 5,000 or so rules within the firewall and the performance of the services on the box are not impacted to anything noticable.

    Thank you.
    Peter M. Abraham
    LinkedIn Profile

  4. #4
    Join Date
    Mar 2004
    how about if this is for a windows 2003 server?

  5. #5

    Then take a look at Visnetic.

    Thank you.
    Peter M. Abraham
    LinkedIn Profile

  6. #6
    Join Date
    Jul 2003
    There is hosting companies out there that can and will put your Windows based server behind a gateway firewall. It will not give you a 100% protection against everything but it will give you a good amount of protection. I personally prefer to build gateway firewalls with OpenBSD and PF and then create a nice light ruleset utilizing <table>'s and $lists along with other macro's. This makes the firewall VERY VERY fast and can take quite a hit DoS wise and shake it off if you tune it right.

    We had one little p2 400mhz with 256mb 4gb SCSI shake off a 32mbs DoS for 3 days without a problem.

  7. #7
    you can use iptables and route command ! it's good and i think APF can help u more

    also you can ..
    pico /etc/hosts.deny
    and and add IP you want to be banned
    iptables -A INPUT -s 6x.2xx.19x.x -j DROP
    iptables -A INPUT -s 68.16x.120.* -j REJECT

    iptables is a kernel-level firewall. It will completely drop any packets server-wide coming from the IP.
    or you can use :
    route add IP drop
    Last edited by youandme; 03-25-2004 at 01:44 AM.

  8. #8
    This is a pretty simple How-to for installing APF Firewall.

    1) Install:


    rpm -Uvh apf-current.rpm

    2) Edit:


    DEVM="0" - set to 0 only if you are sure that firewall works good

    (Common Cpanel Ports, please re-configure for your use)

    TCP_CPORTS=" 21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,7786" (in one line!)


    Many other options in which you can enable inside the config. Please take time to configure.

    3) Restart APF

    To Enable Pings:

    pico -w /etc/apf/icmp.rules


    # Uncomment to enable pings

    # $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit $ICMP_LIM/s -j ACCEPT

    Then restart APF



    /etc/rc.d/init.d/apf stop

    /etc/rc.d/init.d/apf start

    /etc/rc.d/init.d/apf restart

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts