Is this a good firewall?

Hello everyone,

I'm creating an iptables firewall using Firewall Builder
(fwbuilder.org).  I like the clean shell scripts that FW Builder
creates and have tested several of them on various test boxes.

The latest firewall I'm needing to create is for a server
(FC2, iptables v1.2.9) that I host several virtual websites/email on.
This box has 3 static IP addresses on it.  I also have built a few
rules to allow certain IPs to have access to any port, any time (in
case I screw something up, I can get back in and fix it as this box is
at a server house and I have no console access.)

I've generated a sample firewall and placed it here:
http://kold.homelinux.com/homesvr.fw  (bash shell script)

The IPs are not real and probably not even associated with the right
netmasks.  The rules for addresses using 192.168* and 127.0.0.[234]
are the "static" IPs for me to get back in if something messes up.
Otherwise I'm allowing all 9 services access and denying everything
else.

Here are a few questions:

1) Is there a way I can allow a dynamic hostname to have unlimited access to
the server?  For example, if I'm a Comcast subscriber the hostname to
my cable modem is 12-134345-112.nashville.comcast.com or something
like that.  Is there a way I can create a firewall rule to allow all
*.nashville.comcast.com requests for any port rather than a static IP?

2) Are there other restrictions I should place on the 9 ports I have
open?  If so, what are they?

Thanks for any help,
Kevin
-- 
Kevin Old
kevinold@xxxxxxxxx

