Re: [Firestarter-user] Web server firewall setup
Brought to you by:
majix
From: J.O. A. <tr...@in...> - 2007-07-20 11:12:22
|
On Fri, 20 Jul 2007, Nikolaos Anagnostou wrote: > What I would like to know is whether I need to change anything in the > iptables configuration (ip ranges etc). > I installed firestarter to make my > life a bit easier, but then it occurred to me that setting up a second > firewall behind the company's hardware firewall might be overkill. Or not? It's overkill if you are thinking about outside threats, but of course there could be someone at the company that would try to access the machine falsly, in which case a firewall could be usefull. > If a workstation in the LAN is compromised, is the internal web server > vulnerable with the default iptables configuration? Only if you have given that ip-address full access and you are running something that listens to "remote" connections, like a badly configured SMTP, if you don't have any extra services running, more than SSH and Apache, there won't be any extra risks. > Also, what will happen to the HTTP and SSH ports when the firestarter wizard > completes? Will these ports close? I would want to lock myself out of the > server... :) I never run the GUI directly on a machine where it will be running, I first configure it on my desktop machine, copy the scripts over to the server, that way I know it work at once as I wish, When I change settings I do usually edit the script files directly on the server. -- //Aho ------------------------------------------------------------------------ E-Mail: tr...@in... URL: http://www.kotiaho.net/~trizt/ ICQ: 13696780 System: Linux System (PPC7447/1000 AMD K7A/2000) ------------------------------------------------------------------------ EU forbids you to send spam without my permission ------------------------------------------------------------------------ |