[Klug-general] Ideas, Offerings & Questions

George Prowse cokehabit at gmail.com
Fri Jan 26 20:38:35 GMT 2007


Matthew Macdonald-Wallace wrote:
> Quoting David Halliday <david.halliday at gmail.com>:
>> 4: In the past couple of days I have done more Linux-like stuff. A
>> friend needed a host for a website for a small hobby group (a site
>> that will be used by about 8 people once or twice a week). Deciding
>> that he needed LAMP (not provided by his ISP) and that he couldn't
>> afford to pay hosting (anyone on the list with a stay at home wife and
>> two small children will understand) and being not allowed to have a
>> hosting box at home whirring day and night (again the wife factor) I
>> was asked to provide the server. After setting everything up (I did
>> need a good excuse to get geeky at home) on the server and opening
>> ports on the firewall that comes with my ADSL router I figured that
>> perhaps extra security was required.
>> My Windows (Don't hold it against me) boxes have the Microsoft
>> software firewall (seems sufficient)
>> My Linux machines generally don't require the extra security (correct
>> me if I'm wrong)
>> But now I have a Debian server running (providing HTTP, SSH and FTP to
>> the world.. not user name and password is needed for SSH and FTP) I'm
>> assuming that I need some kind of software firewall on this box for
>> safety and (also just for education) What would people recommend? I
>> looked into firestarter but that requires GUI which I don't have/want
>> on this box.
>> Any ideas/recommendations?
>
> IPTables == excellent!
>
> Seriously, have a look at IP Tables.  I'd set them up from the 
> physical console of the machine, that way when you start your ruleset 
> with
>
> # iptables -A INPUT -j DROP
> # iptables -A OUTPUT -j DROP
>
> which drops all packets, your ssh connection isn't cut off like mine 
> was when I first tried this.
>
> If you google for IP Tables Tutorials, there are loads of them out 
> there, also the APress book "Hardening Linux" is very good as it 
> covered securing individual processes and programs as well as setting 
> up a firewall.
>
> HTH,
>
> Matt
>
You really should search Gentoo for anything like this. The Gentoo 
development team and power users set out extremely intricate documents 
for this sort of thing:

http://www.gentoo.org/doc/en/articles/dynamic-iptables-firewalls.xml
http://www.gentoo.org/proj/en/infrastructure/firewall/server-firewall.xml

http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
http://gentoo-wiki.com/HOWTO_Setup_UPnP_with_IPTables
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls
http://gentoo-wiki.com/Iptables_port_reference
http://gentoo-wiki.com/Port_forwarding_with_iptables
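
Added example, not part of the original thread or the linked Gentoo documents: a shell function that prints an `iptables-restore` ruleset for the services named above (FTP, SSH, HTTP), using DROP policies and an ESTABLISHED rule, which is intended to keep an open SSH session working when the rules load. The function name `build_ruleset` and the open OUTPUT policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# Assumption: OUTPUT is left open, unlike the "-A OUTPUT -j DROP" quoted above.

# build_ruleset PORT... : print a filter table that accepts new TCP
# connections to the given ports and drops all other inbound traffic.
build_ruleset() {
    for port in "$@"; do
        case "$port" in
            # Reject empty, non-numeric, or overlong values before comparing.
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    # Chain policies instead of an appended "-j DROP" rule: an appended
    # DROP-all matches first, so ACCEPT rules appended after it never run.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies on connections that are already tracked, e.g. the SSH
    # session the ruleset is being loaded from.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# FTP control, SSH and HTTP: the services mentioned in the thread.
# Passive-mode FTP data connections additionally need the FTP conntrack helper.
build_ruleset 21 22 80
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it; the real load is still best done from the physical console, as suggested in the quoted reply.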



