[Server-devel] recommended ip fw rules

David Van Assche dvanassche at gmail.com
Tue Aug 5 07:56:57 EDT 2008


So, even though we are using shorewall for now (it didn't break with an
upgrade from 163 to 164; if it does at some point, we'll go back to
using straight iptables), here are some recommended additions/changes:

- change port 3128 to 8081 (if one installs dansguardian, which really
should be integrated)
- make an exception for local internal ip, otherwise moodle and other
internal stuff is super slow
- firewall everything but allow smtp, pop3 or imap, web, ejabberd
(server 2 server)
- traffic shape into 3 categories (low prio, normal and high prio)
which would correspond to:
high prio: ssh
normal: everything except high and low
low: p2p, ftp

Not sure where ejabberd should go in there... probably normal...

I haven't added our rules as they will differ from what you would do
with straight iptables...

Kind Regards,
David
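
The list above, rendered as straight iptables/tc commands, as an added example: this is not David's shorewall configuration nor anything from the XS build, and it assumes things the post does not state, namely WAN on eth0, LAN on eth1 with 192.168.1.0/24, dansguardian on 8081 in front of squid's 3128, a 512 kbit uplink for the shaping figures, and BitTorrent's default 6881-6889 port range as a rough stand-in for "p2p" (real p2p classification needs ipp2p or l7-filter, not shown here). The script prints the rules by default and only applies them with FW_APPLY=1.

```shell
#!/bin/sh
# Added example, not from the Server-devel post or the XS shorewall config.
# Assumptions (not in the post): WAN=eth0, LAN=eth1/192.168.1.0/24,
# dansguardian on 8081 in front of squid on 3128, 512 kbit uplink,
# BitTorrent's default 6881-6889 range standing in for "p2p".
set -eu

WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
PROXY_PORT=${PROXY_PORT:-8081}      # dansguardian, instead of squid's 3128
UPLINK_KBIT=${UPLINK_KBIT:-512}     # egress rate the HTB tree is sized to
IPT=${IPT:-iptables}
TC=${TC:-tc}

# Print each command by default; run it for real only with FW_APPLY=1.
emit() {
    if [ "${FW_APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# TCP ports reachable from the WAN: ssh, smtp, pop3, imap, web, ejabberd s2s.
wan_tcp_ports() { echo "22 25 110 143 80 443 5269"; }

filter_rules() {
    emit $IPT -F INPUT
    emit $IPT -F FORWARD
    emit $IPT -P INPUT DROP
    emit $IPT -P FORWARD DROP
    emit $IPT -A INPUT -i lo -j ACCEPT
    emit $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # "exception for local internal ip": the LAN reaches everything on the
    # server (moodle, ejabberd c2s on 5222, squid) without the port whitelist.
    emit $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    for p in $(wan_tcp_ports); do
        emit $IPT -A INPUT -i "$WAN" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # LAN clients may go out; replies return via ESTABLISHED,RELATED.
    emit $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    emit $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

nat_rules() {
    emit $IPT -t nat -F
    # Transparent proxy: LAN web traffic is redirected to dansguardian on
    # PROXY_PORT (8081), which then hands it to squid; 3128 is no longer hit directly.
    emit $IPT -t nat -A PREROUTING -i "$LAN" -s "$LAN_NET" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
    emit $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# fwmark values the tc filters key on: 1 = high, 3 = low; unmarked = normal (default class).
MARK_HIGH=1
MARK_LOW=3

mangle_rules() {
    emit $IPT -t mangle -F POSTROUTING
    # high prio: ssh in either direction
    emit $IPT -t mangle -A POSTROUTING -o "$WAN" -p tcp -m multiport --ports 22 -j MARK --set-mark "$MARK_HIGH"
    # low prio: ftp control/data, plus the assumed BitTorrent port range
    emit $IPT -t mangle -A POSTROUTING -o "$WAN" -p tcp -m multiport --ports 20,21 -j MARK --set-mark "$MARK_LOW"
    emit $IPT -t mangle -A POSTROUTING -o "$WAN" -p tcp -m multiport --ports 6881:6889 -j MARK --set-mark "$MARK_LOW"
    emit $IPT -t mangle -A POSTROUTING -o "$WAN" -p udp -m multiport --ports 6881:6889 -j MARK --set-mark "$MARK_LOW"
}

shaping_rules() {
    rate=$UPLINK_KBIT
    # Removing a root qdisc that does not exist fails harmlessly.
    emit $TC qdisc del dev "$WAN" root || true
    emit $TC qdisc add dev "$WAN" root handle 1: htb default 20
    emit $TC class add dev "$WAN" parent 1: classid 1:1 htb rate "${rate}kbit"
    # Guaranteed shares 30/50/20 for high/normal/low; each may borrow up to the full uplink.
    emit $TC class add dev "$WAN" parent 1:1 classid 1:10 htb rate "$((rate*3/10))kbit" ceil "${rate}kbit" prio 0
    emit $TC class add dev "$WAN" parent 1:1 classid 1:20 htb rate "$((rate*5/10))kbit" ceil "${rate}kbit" prio 1
    emit $TC class add dev "$WAN" parent 1:1 classid 1:30 htb rate "$((rate*2/10))kbit" ceil "${rate}kbit" prio 2
    emit $TC filter add dev "$WAN" parent 1: protocol ip handle "$MARK_HIGH" fw flowid 1:10
    emit $TC filter add dev "$WAN" parent 1: protocol ip handle "$MARK_LOW" fw flowid 1:30
}

all_rules() { filter_rules; nat_rules; mangle_rules; shaping_rules; }

# Stand-alone run: prints the full command list (FW_APPLY=1 sh fwrules.sh applies it).
all_rules
```

Ejabberd server-to-server is 5269, which is why that is the only XMPP port opened to the WAN; client connections on 5222 arrive from the LAN and are covered by the blanket LAN accept. Outbound ejabberd s2s traffic carries no mark and so falls into the normal class, matching the guess in the post.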

