From: Jan K. <nos...@ja...> - 2011-12-28 14:53:56
Hi,

On 28.12.2011 15:05, Alex Athanasopoulos wrote:
> Many of us use rented servers that are accessible only remotely and
> do not come with a firewall. What are we to do? Not use a firewall?

Let me ask you a question: If you only have a rented server serving services to the outside world, why would you intend to use a packet filter? (Don't confuse a packet filter like IPTables with a *real* firewall where you would have to think about stuff like IDS, proxies and so on.)

1. Services which need to serve the outside world *cannot* be protected by a packet filter, as you have to set the rules to ACCEPT for that service. You have to take care of the security within the service.

2. Services which don't need to serve the outside world *must* *not* listen to it, so they don't need a packet filter blocking access to them.

The packet filter just puts another layer of software around closed ports, and as _every_ piece of software tends to have bugs, setting up an unneeded packet filter may cause more problems than it solves.

The company hosting your server needs a firewall, that is true, but you having a single server? Also a company having to protect *their* DMZ and/or internal network needs a firewall, but again, these are not comparable scenarios.

Don't get me wrong: I don't intend to be impolite or get you away from installing shorewall on your server. I'm just curious...

Best regards
Jan
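Point 2 of the message above can be checked directly on the host. The following is an added example, not part of the original message: a shell function that reads `ss -H -ltn` style output and reports every TCP listener bound to a non-loopback address whose port is not on the list of intended public services. The function names, the sample lines and the port list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -H -ltn`:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port
sample_listeners() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306    0.0.0.0:*
LISTEN 0 511  *:80              *:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 100  [::]:25           [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 244  0.0.0.0:5432      0.0.0.0:*
EOF
}

# unexpected_listeners "22 80": read listener lines on stdin and print
# "address port" for each socket that is reachable from outside (not bound
# to loopback) and whose port is not in the intended-public list given as $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)            # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            sub(/%.*/, "", addr)                       # drop interface scope such as %lo
            sub(/^\[/, "", addr); sub(/\]$/, "", addr) # strip IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next # loopback only: nothing to fix
            if (!(port in ok)) print addr, port
        }'
}

# Offline run on the constructed sample; on a live host the input would be
#   ss -H -ltn | unexpected_listeners "22 80"
sample_listeners | unexpected_listeners "22 80"
```

Each line reported is a service that either belongs on the intended-public list or should be rebound to a loopback address in its own configuration.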