IP lock-down for Plesk Firewall


Carlos Camacho
05-25-2005, 09:08 AM
Hi,

I just got my VPS account (Plesk) and I am looking at the Firewall section. As a default, all items are set to "Allow incoming from all". When I was on a dedicated server, I always set it so that only my home IP could access my server via SSH. So, I proceeded to do so in Plesk. I set Plesk administration interface and SSH to my IP. I now have two questions:

1) Should I lock-down any other service? For example, SMTP? Also, shouldn't MySQL be set to just connect to local? (For added security.)

2) Should I add the IP address(es) of PowerVPS's staff? I figured if they need to get in, they will need to have their IPs in my Firewall. Or do they simply do this another way since they own the server? If I should add their IP, can a tech from PowerVPS let me know what IP I should add?

Cheers,

charles
05-25-2005, 09:21 AM
Hi Carlos

We use apf for the firewall. It is command-line based but very flexible. We don't recommend using the one within Plesk.

http://www.rfxnetworks.com/apf.php

It wouldn't hurt to limit MySQL to localhost, but it already is blocked by the firewall and the internal MySQL access controls.

Our support staff should only be accessing your VPS via SSH from a few internal machines, but we have the ability to do some management from the hardware node itself. I would suggest doing whatever you feel you need to do to secure it, and we can work around it. If you want specific IPs to allow, please email support.

charles

Carlos Camacho
05-25-2005, 09:29 AM
Thank you for a quick reply. So, is apf already installed? Or do I need to ask for it to be installed? From what I remember, Virtuozzo's last version had issues with firewalls, thus hosts like you used your own, such as apf. I was under the impression that the latest version of Virtuozzo now runs firewalls fine. Since I am new to VPS, I'll do what you recommend. (If indeed apf is already installed, then should I set all those options back to Allow from All as it was?)

Thanks,

charles
05-25-2005, 09:42 AM
Yes, the current version of Virtuozzo supports stateful firewall rules. Many providers still don't use the latest version of Virtuozzo, but that's no excuse either - we offered a custom firewall without stateful rules before apf could be used.

Yes, please disable the Plesk firewall and use apf. I checked your VPS and indeed apf was not installed. I am not sure why, but I apologize. I'm having it installed right now.

charles