[Firehol-support] servere's firewall

Grigory Fateyev greg at anastasia.ru
Fri Apr 29 18:01:10 BST 2005


I need to write very security firewall for hosting server. Write
frirehol.conf for it. What I must do for improving protection? Please,
give me advice.


########### firehol.conf
version 5

blacklist full
mac xx.xx.xx.0/24 my MAC-address

server_ips = "xxx.xxx.xxx.64/28"
trust_ips = "xx.xx.xx.0/24"
trust_dns = ""

interface eth0 internet src "${server_ips}"
        protection strong 10/sec 10
        server ident reject with tcp-reset
        server dns      accept
        server ftp      accept
        server http     accept
        server https    accept
        server pop3     accept
        server pop3s    accept
        server imap     accept
        server imaps    accept
        server ssh      accept src "${trust_ips}"
#       server icmp     accept

        client all      accept

Всего наилучшего!
greg_[at]_anastasia_[dot]_ru Григорий.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20050429/4d72d207/attachment.sig>

More information about the Firehol-support mailing list