Mailinglist Archive: opensuse-security (757 mails)

Production app or web server firewall set-up - questions
  • From: Steven Thompson <steven@xxxxxxxxxxxxxx>
  • Date: Fri, 18 Jan 2002 11:19:53 +0200
  • Message-id: <1F21E42FAB58D411905700508B60B95226CE72@xxxxxxxxxxxxxxxxxxxxxxxxx>
Hi All

In a production environment, what are the recommended security settings with
performance in mind? The only services that I will be providing are
http, https, ssh2 - scp, smtp (i.e. secure, but with as little overhead).
Kernel 2.4.x, using iptables, postfix, stronghold apache.

Q1. What services can hosts.deny & hosts.allow secure?
(mainly in regards to the services that I'm using above)

Q2. Should I use stateful connection tracking on all ports or only the
ssh, smtp and https ports? What is the stateful connection overhead like?

Q3. What ICMP should you block and what must you answer directly or
indirectly, so that you don't break other services or slow them down?

Q4. What are the recommended minimum ports and protocols that I must log, so that I
can audit attacks and problems and keep logging overhead to a minimum?
Given that our ISP environment has a lot of broadcast traffic.
e.g.

Q5. What DoS protection options are there with iptables and how do you
work out the rate to limit at? I have syncookie protection enabled.

Q6. Is it still recommended to reject mail server connections to port 113?
Is the following setting correct:
iptables -A INPUT -i eth1 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

Thanks in Advance

Steven





