Firewall + server on one machine?
Howdy everybody! To secure my machine as good as possible from the outside world I have closed all the ports that I don't need. So the only ports left open are ssh, http and https. Above that - does it make any sense to install a firewall on the _same_ machine (I can't afford another one at the moment)? --Ragnar
If you would like to possibly have some additional logging - yes. Otherwise no. - Herman On Wed, 24 May 2000, Ragnar Beer wrote: ->>Howdy everybody! ->> ->>To secure my machine as good as possible from the outside world I ->>have closed all the ports that I don't need. So the only ports left ->>open are ssh, http and https. Above that - does it make any sense to ->>install a firewall on the _same_ machine (I can't afford another one ->>at the moment)? ->> ->>--Ragnar ->> ->>--------------------------------------------------------------------- ->>To unsubscribe, e-mail: suse-security-unsubscribe@suse.com ->>For additional commands, e-mail: suse-security-help@suse.com ->>
If by "Firewall" you hear "masquerading" or something like that, it may make sense. Masquerading only open oprts to the outside world when a machine from the inner world wants to communicate with the outside world. In that sense, it is quite safe. Read the security issue about masquerading and FTP for SuSE 6.4. Olivier Ragnar Beer wrote:
Howdy everybody!
To secure my machine as good as possible from the outside world I have closed all the ports that I don't need. So the only ports left open are ssh, http and https. Above that - does it make any sense to install a firewall on the _same_ machine (I can't afford another one at the moment)?
--Ragnar
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Olivier Daigle Projet Harfang (514) 396-8800 ext.7699
If you want to set up a firewall on that machine it is possible. and yes ou
can set up different rules for the incoming and outgoing network
connections.
check out www.linux-firewall-tools.com/linux/firewall/index.html this is
best configuration utility I have found yet and it does it all from the web
site, no downloading needed. I happen to like it.
You are still going to want to read over the firewall, ipchains, and
possibly the masquerading how-to's and also take a look at the man page for
ipchains it will help you to understand what all of the different switches
are used for so that you can make any changes that you wight want to the
script, I never leave the script from this site in it raw form i alway
customize it to some extent to get the most out of it.
Hope this helps,
Ron
----- Original Message -----
From: "Ragnar Beer"
Howdy everybody!
To secure my machine as good as possible from the outside world I have closed all the ports that I don't need. So the only ports left open are ssh, http and https. Above that - does it make any sense to install a firewall on the _same_ machine (I can't afford another one at the moment)?
--Ragnar
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Herman Knief
-
Olivier Daigle
-
Ragnar Beer
-
Ron Blanchett