question about a firewall

Hetz Ben Hamo hetzbh at gmail.com
Sat Sep 4 00:42:44 IDT 2010


I'm doing this thing right now. The only issue I worry about is attacks like
DDoS.

Hetz

2010/9/4 Etzion Bar-Noy <ezaton at tournament.org.il>

> Hi.
> I am in your shoes. I maintain several Linux systems hosted in Netvision
> (currently) for the last few years. For the last 7 years or so, I have been
> using iptables to protect my systems from intrusion. I have been using
> denyhosts to prevent unauthorized SSH logins, and prevented direct root
> login, or blocked all/some except my home fixed address and some other
> well-trusted addresses.
>
> This setup has proven itself to be effective and reliable, with zero
> intrusions (I stopped logging them after a while, because it's not that
> interesting, after all. The amount of random port scans is huge).
>
> Assuming you understand iptables, and you know how to handle it right,
> there is no problem with that solution. None that I have noticed.
>
> Ez
>
> 2010/9/3 Hetz Ben Hamo <hetzbh at gmail.com>
>
>> Hi people,
>> As I set up my VPS/dedicated hosting here in Israel, I have been asked by
>> the hosting company (Netvision) to either buy and bring a firewall or rent
>> from them since the bandwidth I bought exceeds what is allowed under their
>> firewall.
>> They're offering Cisco 1383 (or 1838, I don't remember exactly which
>> model).
>>
>> As a person who really loves Linux, I thought to myself: Why do I need to
>> buy/rent some proprietary Cisco solution? Can't Linux handle the firewall
>> task well? I'm sure Cisco/Checkpoint solutions are great, but yet...
>>
>> So here's my question: If you were in my shoes, would you take a Cisco or
>> apply some Linux solution? If you say Linux solution, what kind of solution?
>> Could you name an app/module/whatever that can provide good protection against
>> the usual suspects and protect against stuff like DDoS attacks?
>>
>> I prefer the Linux solution because then I can run other services on this
>> machine (small mail server, nagios, etc.)
>>
>> Suggestions?
>>
>> Thanks,
>> Hetz
>>
>> --
>> my blog (hebrew): http://benhamo.org
>> Skype: heunique
>> MSN: hetz-blog at benhamo.org
>

-- 
my blog (hebrew): http://benhamo.org
Skype: heunique
MSN: hetz-blog at benhamo.org
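
The setup described in the quoted reply (iptables in front of the host, SSH limited to a few trusted addresses, no direct root login) can be checked mechanically. The following is an added example, not code from this thread: the function names, sample rules and addresses are constructed, and it assumes IPv4 `iptables-save` output with plain `-s` and `--dport` matches (no `!` negation, no multiport).

```python
import ipaddress

def port_in(spec, port):  # spec is an iptables --dport value: "22" or "20:25"
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def audit_iptables(dump, trusted, ssh_port=22):
    """Findings for INPUT rules in iptables-save output that expose SSH too widely."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":INPUT ") and tok[1] != "DROP":
            findings.append(f"INPUT default policy is {tok[1]}, not DROP")
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        if "-i" in tok and tok[tok.index("-i") + 1] == "lo":
            continue  # loopback traffic only
        state = next((tok[i + 1] for i, t in enumerate(tok)
                      if t in ("--state", "--ctstate")), "NEW")
        if "NEW" not in state.split(","):
            continue  # only matches packets of already-accepted connections
        if "--dport" in tok and not port_in(tok[tok.index("--dport") + 1], ssh_port):
            continue  # rule is for some other port
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        if not any(ipaddress.ip_network(src, strict=False).subnet_of(n) for n in nets):
            findings.append(f"SSH reachable from {src}: {line}")
    return findings

def audit_sshd(config):
    """Finding unless PermitRootLogin is explicitly 'no' (Match blocks not handled)."""
    value = None
    for line in config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin" and value is None:
            value = parts[1].lower()  # sshd keeps the first value it reads
    return [] if value == "no" else [f"PermitRootLogin is {value or 'not set'}"]

# Constructed sample input; addresses are from the documentation ranges.
TRUSTED = ["203.0.113.10/32", "198.51.100.0/28"]
RULES = """:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
"""
SSHD = "Port 22\n#PermitRootLogin no\nPermitRootLogin yes\n"

print("\n".join(audit_iptables(RULES, TRUSTED) + audit_sshd(SSHD)))
```

On a real host the inputs would come from `iptables-save` and `/etc/ssh/sshd_config`; `ip6tables` rules need a separate pass.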