Is this a good firewall?
Kevin Old
kevinold at gmail.com
Sat Feb 19 05:51:34 UTC 2005
Hello everyone,

I'm creating an iptables firewall using Firewall Builder (fwbuilder.org). I like the clean shell scripts that FW Builder creates and have tested several of them on various test boxes.

The latest firewall I'm needing to create is for a server (FC2, iptables v1.2.9) that I host several virtual websites/email on. This box has 3 static IP addresses on it. I also have built a few rules to allow certain IPs to have access to any port, any time (in case I screw something up, I can get back in and fix it, as this box is at a server house and I have no console access).

I've generated a sample firewall and placed it here:
http://kold.homelinux.com/homesvr.fw (bash shell script)

The IPs are not real and probably not even associated with the right netmasks. The rules for addresses using 192.168* and 127.0.0.[234] are the "static" IPs for me to get back in if something messes up. Otherwise I'm allowing all 9 services access and denying everything else.

Here are a few questions:

1) Is there a way I can allow a dynamic hostname to have unlimited access to the server? For example, if I'm a Comcast subscriber the hostname to my cable modem is 12-134345-112.nashville.comcast.com or something like that. Is there a way I can create a firewall rule to allow all *.nashville.comcast.com requests for any port rather than a static IP?

2) Are there other restrictions I should place on the 9 ports I have open? If so, what are they?

Thanks for any help,
Kevin
--
Kevin Old
kevinold at gmail.com
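The policy the post describes (management hosts allowed on any port, a fixed set of public services, everything else denied), written out as an added example rather than Kevin's generated script or fwbuilder output. It prints the iptables commands so they can be reviewed before being applied on a box with no console access; all addresses and the nine ports are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the script from the post. Prints the iptables commands
# that implement the described policy; pipe the output to sh as root to apply.
# Every address and port below is a constructed placeholder.

ADMIN_IPS="192.168.10.5 192.168.10.6"                 # "get back in" hosts: any port, any time
SERVER_IPS="203.0.113.10 203.0.113.11 203.0.113.12"   # the box's three static addresses
SERVICE_PORTS="22 25 80 110 143 443 465 993 995"      # the nine exposed services (all TCP here)

emit_rules() {
    # Flush INPUT and make inbound default-deny; outbound from the server stays open.
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback and replies to connections the server itself opened come first.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Management hosts are accepted before any service rule, so a mistake
    # further down cannot lock the administrator out.
    for ip in $ADMIN_IPS; do
        echo "iptables -A INPUT -s $ip -j ACCEPT"
    done
    # One rule per server address and public port; only new connections need matching.
    for dst in $SERVER_IPS; do
        for port in $SERVICE_PORTS; do
            echo "iptables -A INPUT -p tcp -d $dst --dport $port -m state --state NEW -j ACCEPT"
        done
    done
    # Whatever falls through is logged (rate-limited) and then dropped by the policy.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
}

# Number of per-port accept rules the generator emits (addresses x ports).
count_service_rules() { emit_rules | grep -c -- '--dport'; }

if [ "${1:-}" = "--apply" ]; then emit_rules | sh; else emit_rules; fi
```

Running the script with no arguments only prints the rules; `--apply` executes them.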