Re: [PLUG] Web Ass Pfirewall

Fred Stluka via plug on 24 Mar 2021 14:01:04 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Web Ass Pfirewall

From: Fred Stluka via plug <plug@lists.phillylinux.org>
To: Robert <mlists@zoominternet.net>, plug@lists.phillylinux.org
Subject: Re: [PLUG] Web Ass Pfirewall
Date: Wed, 24 Mar 2021 17:00:58 -0400
Organization: Bristle Software, Inc.
Reply-to: Fred Stluka <fred@bristle.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

+1 for "block everything and only allow what needs to get in."

That's really easy to do on an AWS server.  The AWS Web console
allows you to add/remove IP addresses on the fly.  So, you can
set it up initially to allow SSH only from the work and home
addresses of your team, but can easily add an additional IP
address temporarily when any of you need it.  Without needing
a way to get in to the server to update its iptables rules.

It also makes sense to block all access to your DB server except
from your web server, and various other combinations.

IPSET sounds useful.  One more thing to add to my bag of tricks.
Thanks!

AWS "security groups" provide some of the features of IPSET.
For example, you once you've defined named groups of servers
like "WebServers" and "DbServers", you can grant access from all
WebServers to port 3306 (MySQL/MariaDB) or 5432 (PostgreSQL)
on all DbServers, without having to list the IP addresses.

--Fred
------------------------------------------------------------------------
Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 3/17/21 11:19 PM, Robert via plug wrote:

To be honest, why are you leaving a dev server open on the internet? Ialso have a vps but I don't need anyone accessing it and if I did Iwould add their IP Address to the firewall to allow it. Simplesolution is to block everything and only allow what needs to get in.
I use IPTABLES with IPSET for this. If I need to add anyone I justadd them to IPSET no need to change/add/remove rules from thefirewall. Presently the only IP's allowed are works public IP and myhome IP.
On 17/03/2021 16:29, Ron Mansolino via plug wrote:
I have a vps that I don't do too much with, essentially a dev server.
Because it sits out on the net it logs an unwieldy number ofintrusion attempts and nosey infogathering requests.
I've been manually filtering these with iptables, but that isn'tscaling well (and it's impossible to block cloud services thatcontinually allocate new netblocks). I'd like to block all of AWS,GCP, etc, but it's like playing whack-a-mole. I could use somesuggestions for a WAF that I won't eventually have to pay for.
also, did the posting rules change here? I don't check here often,and things aren't working as I expect them to.
___________________________________________________________________________
Philadelphia Linux Users Group         -- http://www.phillylinux.org
Announcements -http://lists.phillylinux.org/mailman/listinfo/plug-announceGeneral Discussion --http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Web Ass Pfirewall
  - From: Ron Mansolino via plug <plug@lists.phillylinux.org>
- Re: [PLUG] Web Ass Pfirewall
  - From: Robert via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] Chinese state hackers - new linux malware
Next by Date: Re: [PLUG] Web Ass Pfirewall
Previous by thread: Re: [PLUG] Web Ass Pfirewall
Next by thread: [PLUG] Linux Mint on Intel iMac /w/ Airport Extreme
Index(es):
- Date
- Thread