On 05/31/2011 08:34 AM, Cecil Yother, Jr. wrote:
> IIRC you can close 20 and 21 (FTP), 23 (Telnet), 43 (whois), 123 (NTP).
> This is of course unless you use any of these services.

To be a little clearer, you can close these ports so long as you don't
*serve* these services. For example, you can close port 123 (NTP) and
still use ntpd as an ntp client to keep time on the server. You'd only
need to open the port if you're providing ntp services to other clients
(as a server). This is provided you have a rule that allows established
sessions to pass the firewall, which you should.

> FTP can be moved
> to a non standard port and will decrease attacks by 99%.

If you need to provide ftp services, use of non-standard ports is highly
recommended. You shouldn't need to run an ftp server on QMT, unless
you're hosting a web site as well and need to allow a way for developers
to update the web site.

> 953, 993, and
> 995 are for secure mail transport.

Not quite right. 953 appears to be for bind 9, which you shouldn't need.
Running an authoritative domain name server on QMT is not recommended.
Port 993 is for imap-ssl and 995 is for pop3-ssl, both of which you
probably want to have open. They're not necessarily required though,
depending on if your users might need them or not.
--
-Eric 'shubes'
On 05/31/2011 09:21 AM, [email protected] wrote:
Hi Guys, trying to tighten up the qmail server more:
Can I close any of these ports: not sure what they may be needed for:
tcp dpt:20
tcp dpt:21
tcp dpt:23
tcp dpt:43
udp dpt:123
tcp dpt:953
udp dpt:953
tcp dpt:993
tcp dpt:995
Thanks all
madmac
--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787 | http://yother.com
Check out the new Volvo classified resource http://www.volvoclassified.com
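The advice in this thread expressed as an iptables rule fragment; this is an added example, not something posted by anyone in the thread. `SERVED` and `build_rules` are hypothetical names, and the script assumes the host serves only imap-ssl and pop3-ssl out of the ports that were asked about.

```shell
#!/bin/sh
# Added example: turn the "proto dpt:port" lines from the question into an
# iptables-restore style rule fragment for review (nothing is loaded here).

# Port listing as posted in the thread.
LISTED='tcp dpt:20
tcp dpt:21
tcp dpt:23
tcp dpt:43
udp dpt:123
tcp dpt:953
udp dpt:953
tcp dpt:993
tcp dpt:995'

# Assumption: of the listed ports, this host serves only imap-ssl and pop3-ssl.
SERVED='tcp/993 tcp/995'

# build_rules LISTING SERVED -> prints INPUT rules for the listed ports.
build_rules() {
    # Replies to sessions the host itself started (e.g. ntpd acting as a
    # client) match here, so udp/123 needs no rule of its own.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "$1" | while read -r proto dpt; do
        [ -n "$proto" ] || continue
        port=${dpt#dpt:}
        case " $2 " in
            *" $proto/$port "*)
                printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT" ;;
            *)
                printf '%s\n' "# closed: $proto/$port (not served by this host)" ;;
        esac
    done
}

# Covers only the ports asked about; other services the host serves (SMTP,
# SSH, ...) need their own entries before a default-drop policy is applied.
build_rules "$LISTED" "$SERVED"
```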