question about a firewall

Etzion Bar-Noy ezaton at tournament.org.il
Sat Sep 4 00:26:04 IDT 2010


Hi.
I am in your shoes. I have maintained several Linux systems hosted in Netvision
(currently) for the last few years. For the last 7 years or so, I have been
using iptables to protect my systems from intrusion. I have been using
denyhosts to prevent unauthorized SSH logins, and have prevented direct root
login, or blocked all/some except my home fixed address and some other
well-trusted addresses.

This setup has proven itself to be effective and reliable, with zero
intrusions (I stopped logging them after a while, because it's not that
interesting, after all. The amount of random port scans is huge).

Assuming you understand iptables, and you know how to handle it right, there
is no problem with that solution. None that I have noticed.

Ez

2010/9/3 Hetz Ben Hamo <hetzbh at gmail.com>

> Hi people,
> As I setup my VPS/dedicated hosting here in Israel, I have been asked by
> the hosting company (Netvision) to either buy and bring a firewall or rent
> from them since the bandwidth I bought exceeds what is allowed under their
> firewall.
> They're offering Cisco 1383 (or 1838, I don't remember exactly which
> model).
>
> As a person who really loves Linux, I thought to myself: Why do I need to
> buy/rent some proprietary Cisco solution? Can't Linux handle the firewall
> task well? I'm sure Cisco/Checkpoint solutions are great, but yet...
>
> So here's my question: If you were in my shoes, would you take a Cisco or
> apply some Linux solution? If you say Linux solution, what kind of solution?
> Could you name an app/module/whatever that can provide good protection against
> the usual suspects and protect against stuff like DDoS attacks?
>
> I prefer the Linux solution because then I can run other services on this
> machine (small mail server, nagios, etc..)
>
> Suggestions?
>
> Thanks,
> Hetz
>
> --
> my blog (Hebrew): http://benhamo.org
> Skype: heunique
> MSN: hetz-blog at benhamo.org

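The reply above describes iptables filtering with SSH limited to a few well-trusted addresses. The following is an added example, not code from either poster: a shell function that emits an iptables-restore ruleset with a default-drop INPUT policy and SSH admitted only from listed sources. The function name `gen_ruleset`, SSH on port 22, the public mail port 25, and the RFC 5737 sample addresses are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a default-deny ruleset in iptables-restore format.
# gen_ruleset is a hypothetical helper; all addresses are constructed samples.
# usage: gen_ruleset "<trusted SSH sources>" "<public TCP ports>"
gen_ruleset() {
    trusted=$1
    public_ports=$2

    # Validate every input before emitting anything, so a bad value can
    # never end up inside a partially written ruleset.
    for src in $trusted; do
        case $src in
            *[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
        esac
    done
    for port in $public_ports; do
        case $port in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"        # anything not matched below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"

    # SSH (assumed on port 22) only from the trusted sources.
    for src in $trusted; do
        echo "-A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Services meant to be reachable by anyone, e.g. a small mail server.
    for port in $public_ports; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Rate-limited ping so the host stays diagnosable.
    echo "-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT"
    echo "COMMIT"
}

# Constructed sample: one fixed home address, one trusted network, public SMTP.
# To syntax-check on a real host, pipe the output to `iptables-restore --test`.
gen_ruleset "192.0.2.10 198.51.100.0/24" "25"
```

Because the SSH rules are the only ones that match port 22, a source not on the list falls through to the DROP policy without ever reaching sshd.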
