Re: Paketfilter Setup for Webserver

To: Debian Firewall List <debian-firewall@lists.debian.org>
Subject: Re: Paketfilter Setup for Webserver
From: Lucas Barbuto <lucas@qk.com.au>
Date: Wed, 19 Feb 2003 11:47:04 +1100
Message-id: <20030219004703.GA31080@qk.com.au>
Reply-to: Lucas Barbuto <lucas@qk.com.au>
In-reply-to: <1201200960250.20030218225100@kramer.li>
References: <1201200960250.20030218225100@kramer.li>

Hi Thomas,

On Tue, Feb 18, 2003 at 10:51:00PM +0100, Thomas Kramer wrote:
> anybody here has some hint on setting up a packet filter on an debian
> webserver running http(s), mySQL, ftp, smtp and pop3?

Well there are a few options, but it sounds like you want
Netfilter/Iptables, software that is builtin to the linux kernel.  It
can take a bit of reading and experimenting to get right though.  There
are simpler firewalling options such as Smoothwall.

http://www.netfilter.org/
http://www.smoothwall.org/

As for hints, the general approach is to block all incoming traffic by
default, then just open up ports for the kinds of traffic you want.  In
this case 80, 443, 3306, 21, 25 and 110.

> Nothing special in closing any other ports but how about limiting some
> connections to "reasonable sizes" to be prepared for some types of
> flooding or something.

If you are interested in bandwith throttling, you might want to check
out the Linux Advanced Router HOWTO.

http://tldp.org/HOWTO/Adv-Routing-HOWTO/index.html

HTH,

Lucas

Reply to:

References:
- Paketfilter Setup for Webserver
  - From: Thomas Kramer <newsletter@tmkis.com>

Prev by Date: Re: Routing, maybe NAT...
Next by Date: SSH and telnet forwarding
Previous by thread: Paketfilter Setup for Webserver
Next by thread: SSH and telnet forwarding
Index(es):
- Date
- Thread