On Wed, 10 Nov 2010, Mark Evans wrote:
> On 10/11/10 15:25, Gordon Henderson wrote:
>> My typical internet-facing server one looks like: http://unicorn.drogon.net/firewall
> Interesting that you are using a bridge device also I wasn't aware of anything actually using the IMAP UDP ports.
Er, as for the latter, me neither - I probably just copy & pasted from something else...
For the former - yes, I use a bridge device in some (most) of my servers now - it's part of the LXC virtualisation - essentially the 'host' system becomes an Ethernet switch with the virtual servers having their eth0's plumbed into it. It seems efficient enough.
Lots of that are probably redundant - I sort of add to it/remove from it as time goes on.... And I have another variant that I use on routers for NAT, etc....
If you're running a SIP server (or want to play with blocking a service depending on an incoming rate), you might want to look at:
http://unicorn.drogon.net/firewall2
however it does need a good processor to handle a full-on flood - that level of deep packet inspection and tracking isn't nice on a weedy processor...
Gordon
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq