31 Mar


Firewall - Securing your server

This guide is intended for people with a good level of experience administering dedicated Linux servers. Handling a firewall can be dangerous: you can lock yourself out of your server, which will force you to do a HARD reboot. If you make a mistake in the final script and put it in auto-startup, you will no longer have access to your machine! So be very careful, and if you do not feel comfortable with this guide, do not set up your firewall!

To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.

Faheem Khan

A Firewall: What is it?

A firewall is a program that blocks certain ports on your machine and leaves others open. Imagine your house: you have a door at the front and a door at the back. The back door you keep locked. Why? Because it is a potential entry point for a thief. A firewall works the same way: we will close every port we do not need.

Ports: Which ports do you use?

Caution! First of all, be very careful about what you do. You could mix up the ports and close the wrong ones. Imagine closing the SSH port! You would then have to get back in either via telnet or via webmin, or else do a hard reboot. The ports open by default on an OVH server are:

21 – ftp (the FTP server; allow it depending on your use).
22 – ssh (the encrypted shell; leave it open!).
23 – telnet (unencrypted shell access; leave it open in case of troubleshooting).
25 – smtp (outgoing mail server; allow it in most cases).
53 – dns (the DNS server; allow it in most cases).
80 – http (the web server; allow it).
110 – pop3 (mail access; allow it in most cases).
143 – imap (mail access; leave it open if you do not use pop3).
443 – https (encrypted web; allow it according to your use).
1000 – webmin (server configuration panel; leave it open if you use it).

Iptables: What is it?

iptables is a very powerful firewall, installed on all ExpertPK servers. The approach will be: open a few ports and close all the rest. In this example, we will leave only port 22 (SSH) and port 80 (HTTP) open. This is only one example; it is up to you to adapt it to your needs.

Iptables Example

1. Connect via SSH as root.
The first thing to do is to check the iptables version:

$ /sbin/iptables -V
iptables v1.2.4

The version here is too old. We will install 1.2.9:

$ cd /root
$ wget http://www.netfilter.org/files/iptables-1.2.9.tar.bz2
$ tar xvfj iptables-1.2.9.tar.bz2
$ cd iptables-1.2.9
$ make KERNEL_DIR=/usr/src/linux
$ make install KERNEL_DIR=/usr/src/linux
$ cd /sbin
$ mv iptables iptables.old
$ mv iptables-restore iptables-restore.old
$ mv iptables-save iptables-save.old
$ ln -s /usr/local/sbin/iptables iptables
$ ln -s /usr/local/sbin/iptables-restore iptables-restore
$ ln -s /usr/local/sbin/iptables-save iptables-save
$ /sbin/iptables -V
iptables v1.2.9
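The ruleset the guide describes (only ports 22 and 80 reachable, everything else closed), as an added example that is not from the original guide. It assumes the rules are loaded with iptables-restore and relies on the `state` match available in iptables 1.2.x; the timed revert job is an extra safeguard against the lock-out the guide warns about.

```shell
#!/bin/sh
# Added example, not from the original guide. Builds an iptables-restore
# ruleset that keeps only the given TCP ports reachable (here 22 and 80)
# and drops all other inbound traffic. Assumption: iptables-restore and
# the `state` match are available, as in the iptables 1.2.9 built above.

# Print a complete filter-table ruleset; $@ = TCP ports to keep open.
build_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state INVALID -j DROP'
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "build_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
        printf -- '-A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$port"
    done
    echo 'COMMIT'
}

# Safety net against the lock-out the guide warns about: after N seconds,
# a background job resets INPUT to ACCEPT and flushes it, unless killed.
arm_revert() {
    ( sleep "$1" && /sbin/iptables -P INPUT ACCEPT && /sbin/iptables -F INPUT ) \
        >/dev/null 2>&1 &
    echo $!
}

# Load the ruleset atomically; nothing changes if any line is rejected.
apply_ruleset() {
    build_ruleset "$@" | /sbin/iptables-restore
}

# Run as: sh firewall.sh --apply 22 80   then open a NEW ssh session;
# if it works, kill the revert job and only then consider auto-startup.
if [ "${1:-}" = "--apply" ]; then
    shift
    pid=$(arm_revert 120)
    apply_ruleset "$@" && echo "rules loaded; revert job $pid fires in 120 s"
fi
```

Keep your current SSH session open while testing: the existing connection stays allowed by the ESTABLISHED rule, so you verify access with a second, new session.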
