I have two LAMP servers, one with Ubuntu 9.10, the other with Ubuntu 8.04. Can someone recommend firewall software for them? I was following the guide at http://library.linode.com/networking/arno-iptables-firewall-debian-lenny, but ran into errors:
/sbin/iptables: (1) iptables: No chain/target/match by that name.
I'd like to allow ports 22, 25, 80, 443, 993, 995 and 10000.
If you can also suggest a step-by-step guide to install the firewall too, that would be great.
-
On my server (which, coincidentally to your link, is a Linode), I use a program called UFW as a pretty frontend to IPTables. It's as easy as
sudo aptitude install ufw
on both your Ubuntu installs (it's part of the core repository, at least on 9.10 Karmic). I think this thread on the Ubuntu Forums should help quite a bit.
From thepurplepixel -
Another option which also simplifies the iptables rule and policy process is shorewall, more info.
From fenix -
+1 of UFW and Shorewall for more complicated uses. One thing more, if you enable a firewall, then you should really look at protecting yourself against brute-force login attempts to SSH. Motivation:
- The brute-force attempts clutter up your logs so that you might miss a serious hack attempt in the noise.
- If your password is weak (it should not be) then a stupid brute-force hacker could get lucky.
One super-simple way of doing this is to use your firewall to limit SSH to connections where the source IP address is from your office / home ADSL / your other semi-trusted networks. A more flexible way is to do connection rate limiting, either with your firewall or with other daemons.
From Jesper Mortensen
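An added example, not part of any of the posts above: a dry-run script that prints the UFW commands for the ports listed in the question and handles SSH in one of the two ways the last answer describes (source-IP allow-list or rate limiting). It assumes a ufw version that supports `limit`; the `TRUSTED_SSH` and `APPLY` variables and the function names are hypothetical, and any source addresses you pass are your own.

```shell
#!/bin/sh
# Added example: build a ufw rule set for the ports named in the question.
# TRUSTED_SSH (assumed name): space-separated source IPs/CIDRs allowed to reach SSH.
# If it is empty, SSH is rate-limited with "ufw limit" instead.

PUBLIC_TCP_PORTS="25 80 443 993 995 10000"   # every port from the question except 22

# Print one ufw command per line. Nothing is executed here.
build_rules() {
    trusted_ssh="$1"
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    if [ -n "$trusted_ssh" ]; then
        # Option 1: SSH only from semi-trusted source networks.
        for cidr in $trusted_ssh; do
            echo "ufw allow proto tcp from $cidr to any port 22"
        done
    else
        # Option 2: connection rate limiting. ufw denies a source that
        # opened 6 or more connections in the last 30 seconds.
        echo "ufw limit 22/tcp"
    fi
    for port in $PUBLIC_TCP_PORTS; do
        echo "ufw allow $port/tcp"
    done
    # Enable last, after the SSH rule exists, so the current session is not cut off.
    echo "ufw --force enable"
}

# Run the generated commands through sudo, stopping at the first failure.
apply_rules() {
    build_rules "$1" | while read -r cmd; do
        sudo $cmd || exit 1
    done
}

# Dry run by default; set APPLY=1 to change the firewall.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules "${TRUSTED_SSH:-}"
else
    build_rules "${TRUSTED_SSH:-}"
fi
```

Review the printed commands first, then rerun with `APPLY=1`; `sudo ufw status verbose` shows the resulting rule set.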