Re: Paketfilter Setup for Webserver
On Tue, Feb 18, 2003 at 10:51:00PM +0100, Thomas Kramer wrote:
> anybody here has some hint on setting up a packet filter on an debian
> webserver running http(s), mySQL, ftp, smtp and pop3?
Well there are a few options, but it sounds like you want
Netfilter/Iptables, software that is builtin to the linux kernel. It
can take a bit of reading and experimenting to get right though. There
are simpler firewalling options such as Smoothwall.
As for hints, the general approach is to block all incoming traffic by
default, then just open up ports for the kinds of traffic you want. In
this case 80, 443, 3306, 21, 25 and 110.
> Nothing special in closing any other ports but how about limiting some
> connections to "reasonable sizes" to be prepared for some types of
> flooding or something.
If you are interested in bandwith throttling, you might want to check
out the Linux Advanced Router HOWTO.