Firewall


charles
09-18-2004, 10:29 AM
You should treat your VPS server just like you would treat a dedicated server when it comes to security - after all, you are running a full-blown Linux distribution! So YES!

Due to security reasons, however, iptables on the VPS does not support stateful rules or kernel logging, and most scripts you'll see out there will not work because of this. It just means you have to write the rules a little differently.

We can install a custom firewall script we created for VPS use in /etc/init.d/firewall - just send an email to support@defenderhosting.com with your server id to request it.

It is a standard Red Hat service-style script, so you can do:

# make sure it comes on at boot
chkconfig firewall on

# start or restart
service firewall start
service firewall restart

# stop
service firewall stop

# list rules
service firewall status

It has most standard ports opened, and we have variants for panel users in which the additional ports needed are opened. I recommend you review the script to see that it meets your needs before starting it, and then thoroughly check that all services you need work afterwards.

Simps
01-05-2005, 09:21 AM
Hi,

Couple of related questions:

- to stop responding to ping : comment the line with --icmp-type 8 ?
- to allow SSL SMTP : add a line with --ddport 465 ?
- does a port need to be opened for PostgreSQL ? Or only if it needs to be accessed from outside ?

Thanks,
Simp's

charles
01-05-2005, 12:38 PM
Hi There

> Hi,
> - to stop responding to ping : comment the line with --icmp-type 8 ?


That should do it. You can't really go wrong here. Try commenting it out and restarting the firewall. If it doesn't work, try commenting out one of the other ICMP types.


> - to allow SSL SMTP : add a line with --ddport 465 ?


yes (but --dport :) ) for SMTPS


> - does a port need to be opened for PostgreSQL ? Or only if it needs to be accessed from outside ?


Only if you need to access it from the outside.

FYI, we expect Virtuozzo to support stateful iptables rules in the near future, at which point you can switch to your OS firewall of choice - we'll probably switch to apf and friends.

charles

Simps
01-05-2005, 01:14 PM
Thanks Charles.

The --icmp-type 8 works fine.


> FYI, we expect Virtuozzo to support stateful iptables rules in the near future, at which point you can switch to your OS firewall of choice - we'll probably switch to apf and friends.
That sounds good ;c)
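
What "writing the rules a little differently" can look like without stateful matching, as an added example: this is not the host's /etc/init.d/firewall script, which the thread does not show. The function name `emit_stateless_rules`, the port list and the choice of iptables-restore output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a stateless iptables ruleset in iptables-restore format.
# No state-match module and no LOG target, since the VPS supports neither.
# Usage: emit_stateless_rules "<tcp ports to open>" <yes|no: answer ping>
emit_stateless_rules() {
    ports=$1
    allow_ping=$2
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Stand-in for ESTABLISHED: accept TCP packets that are not a bare SYN.
    # Trade-off: stray ACK/FIN probes also reach the stack, which answers
    # them with RST, so closed ports are still visible to that kind of scan.
    echo '-A INPUT -p tcp ! --syn -j ACCEPT'
    # New inbound connections (SYN) only on the listed service ports.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        echo "-A INPUT -p tcp --syn --dport $p -j ACCEPT"
    done
    # DNS replies to our own lookups. Matching on source port is spoofable,
    # so restrict it with -s <resolver address> where the resolvers are known.
    echo '-A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT'
    # ICMP needed for normal operation: echo-reply (0),
    # destination-unreachable (3), time-exceeded (11).
    for t in 0 3 11; do
        echo "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    # Echo-request (8) is the line discussed in the thread; leaving it
    # out stops the server from answering ping.
    if [ "$allow_ping" = yes ]; then
        echo '-A INPUT -p icmp --icmp-type 8 -j ACCEPT'
    fi
    echo 'COMMIT'
}

# Constructed sample: SSH, SMTP, HTTP, HTTPS and SMTPS open, ping off.
# PostgreSQL (5432) is not listed, so it stays reachable only locally.
emit_stateless_rules "22 25 80 443 465" no
```

Review the printed rules before piping them into `iptables-restore` as root, and keep console access available in case the SSH port is missing from the list.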