[H-GEN] Firewall configuration on a remote machine
gavin at microcomaustralia.com.au
Tue Feb 8 21:18:54 EST 2011
I have a Linux VPS server (i.e., it is a figment of Xen's somewhat overactive imagination) with panix.com. Mostly, I think it's fairly secure -- e.g. I run sshd on a non-standard port, and have few services running, etc. I have iptables and ip6tables installed, but I know they're not really configured properly. I do need to have some sort of well-configured firewall, I think. Especially if I ever get around to running my own mail server (see the discussion on the LCA2011 list about 'escaping the cloud'...).
I had someone recently suggest shorewall, and this does seem like a good option. However, it does warn not to attempt to install on a remote server:
"Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out of that system."
This *may* not be as much of a problem as I'm worrying, as even if I cannot access the server via ssh, I can log on via a local tty using panix's console server. Since it is a Xen virtual machine located somewhere in the US, physical access is of course not an option, though.
I guess my two questions then are:
Should I be as paranoid as I am about installing shorewall on a remote system?
If I should avoid shorewall, what are my other options? (other than learning iptables).