Debian server firewall

There are 6 replies in this thread, which has been viewed 440 times. The last post was by master G.

  • Your router should have a firewall enabled - you should only open ports that are necessary - (server listen/sharing port) - and this should be all that is needed.

    If I take a while to respond, you can see why.....



  • Your router should have a firewall enabled - you should only open ports that are necessary - (server listen/sharing port) - and this should be all that is needed.


    I would tend to disagree on this for a couple of reasons. In Ireland the main ISP is Eircom and their router will not port forward without setting the firewall to low or off. As far as I can see all ports are open by default and I have never found where in the router setup they can be closed. I use iptables to open or close as required. This tutorial by Ten Below seems like the ideal way to do it, i.e. block everything and then allow what you need. The old obsolete computer without a monitor needs very little access to anything when all it is used for is cardsharing, but for this reason it needs a lot of protection from the outside world. I couldn't get it to work properly on Debian but I extracted various bits from it and wrote them to my own iptables and made it ongoing with iptables-persistent. Have a read of it and it will create ideas for you.
    http://linuxsat-support.com/li…lock-allow-using-dns.html
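
The "block everything, then allow what you need" approach from the post above, as an added example that is not part of the original thread or the linked tutorial. It prints a default-deny IPv4 ruleset in `iptables-restore` format; the listen port 12000, the LAN range 192.168.1.0/24 and SSH access from the LAN are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print a default-deny IPv4 ruleset in
# iptables-restore format. Port 12000 and 192.168.1.0/24 are constructed values.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_cidr A.B.C.D/N: succeeds only for four octets 0..255 and a prefix 0..32.
valid_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1                 # no "/" in the argument
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                                    # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# emit_rules LISTEN_PORT LAN_CIDR: write the ruleset to stdout.
# Inbound is dropped by default; only loopback, replies to connections the
# server opened, SSH from the LAN (assumed, for a headless box) and the one
# listen port are accepted.
emit_rules() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    valid_cidr "$2" || { echo "bad LAN CIDR: $2" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $2 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport $1 -j ACCEPT
COMMIT
EOF
}

emit_rules 12000 192.168.1.0/24
```

Check the output with `iptables-restore --test` before saving it as `/etc/iptables/rules.v4`, the file iptables-persistent loads at boot. IPv6 is filtered separately and needs its own default-deny rules in `rules.v6`.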

  • Of course - agree you need a firewall, but I have found myself that my router is adequate - if as you say the router does not provide this, then it is important something else is put in place. I personally would not use a router provided by my ISP because they will usually make them difficult to configure differently to the 'norm', to reduce the amount of support calls.


  • The Eircom routers have a hidden "open" port built into the firmware for what they call "support".
    They can at any time log into your router and see all devices on your network, all open ports, and they can even upgrade the firmware if you ring them to complain about their service being shite.
    So as said, never use a router supplied by your broadband provider if you cardshare or do anything else that may be considered "dodgy".
