IPTABLES rules needed
-
So, I am setting up a cloud server from Cloud@Cost. Great!
It is wide open to the world. Great because I would not want the host provider to add restrictions. Not great because I do not want everything open to hacking obviously.
So, this means I need to set up some firewall rules. This should be a fairly common scenario and I am about to go Google a bunch of lock down options.
Prior to doing that, I thought I would post here and get some feedback on how any of you guys lock down iptables.
-
This is a scenario where something like Chef, Puppet or just a setup script can be great - adding things like lock downs, EPEL and fail2ban immediately upon initial install.
-
Have you considered using Firewall Builder? I've used it before to configure iptables and it works quite well.
-
@doyle.jack said:
Have you considered using Firewall Builder? I've used it before to configure iptables and it works quite well.
Cool, I have not seen that before.
-
Never checked Firewall Builder, need to test this.
On our servers, we have cPanel and install ConfigServerFirewall, which is an excellent iptables-based firewall which can be fully configured to block/restrict ports you don't want open. CSF includes the Login Failure Daemon (LFD), which will scan log files and monitor failed login attempts, such as login attempts for FTP and E-Mail accounts, and it will block the IP according to the rules you have set up. CSF also offers Connection Limiting, Real Time Block Lists and Port Scan tracking and much more.
CSF is also supported on Webmin, which is a free alternative to cPanel. Makes it easy to enable/disable or change firewall rules.
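
The log-scanning and blocking idea described for LFD above, reduced to a sketch. This is an added example, not part of the original post and not CSF's own code; the log lines are constructed, and the threshold, window, year and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modelled on common syslog output; not real traffic.
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 10 12:00:09 host sshd[811]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jan 10 12:00:15 host pure-ftpd: (?@203.0.113.5) [WARNING] Authentication failed for user [web]
Jan 10 12:00:20 host sshd[812]: Accepted password for jared from 198.51.100.7 port 50022 ssh2
Jan 10 12:03:00 host dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
Jan 10 12:30:00 host dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
Jan 10 12:30:05 host sshd[813]: Failed password for root from 192.0.2.10 port 40200 ssh2
Jan 10 12:30:06 host sshd[813]: Failed password for root from 192.0.2.10 port 40201 ssh2
Jan 10 12:30:07 host sshd[813]: Failed password for root from 192.0.2.10 port 40202 ssh2
"""

# One pattern per service; each captures the source address of a failed login.
FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port"),
    re.compile(r"pure-ftpd: \(\?@(?P<ip>[^)]+)\) \[WARNING\] Authentication failed"),
    re.compile(r"dovecot: .*auth failed.*\brip=(?P<ip>[^,\s]+)"),
]

def find_offenders(log_text, threshold=3, window=timedelta(minutes=5),
                   allowlist=(), year=2024):
    """Return IPs with `threshold` failures inside `window`, in trigger order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    offenders = []
    for line in log_text.splitlines():
        match = next((m for p in FAILURE_PATTERNS if (m := p.search(line))), None)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match["ip"]))
        except ValueError:
            continue              # never hand unvalidated log text to a firewall
        if ip in allowlist or ip in offenders:
            continue              # allowlist keeps your own admin IP reachable
        # Syslog timestamps carry no year, so one is assumed here.
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # drop failures older than the window
        if len(hits) >= threshold:
            offenders.append(ip)
    return offenders

def block_commands(offenders):
    """Render (not run) the iptables rule that would drop each offender."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in offenders]
```

Failures are counted per source address across services, so two SSH failures and one FTP failure from the same IP reach a threshold of three together.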
-
So, @JaredBusch... what did you end up doing?