On 05/31/2011 03:29 PM, Eric Shubert wrote:
> On 05/31/2011 08:34 AM, Cecil Yother, Jr. wrote:
>> IIRC you can close 20 and 21 (FTP), 23 (Telnet), 43 (whois), 123 (NTP).
>> This is of course unless you use any of these services.
>
> To be a little clearer, you can close these ports so long as you don't
> *serve* these services. For example, you can close port 123 (NTP) and
> still use ntpd as an ntp client to keep time on the server. You'd only
> need to open the port if you're providing ntp services to other
> clients (as a server). This is provided you have a rule that allows
> established sessions to pass the firewall, which you should.
>
>> FTP can be moved to a non standard port and will decrease attacks by 99%.
>
> If you need to provide ftp services, use of non-standard ports is
> highly recommended. You shouldn't need to run an ftp server on QMT,
> unless you're hosting a web site as well and need to allow a way for
> developers to update the web site.
>
>> 953, 993, and 995 are for secure mail transport.
>
> Not quite right. 953 appears to be for bind 9, which you shouldn't
> need. Running an authoritative domain name server on QMT is not
> recommended.
> Port 993 is for imap-ssl and 995 is for pop3-ssl, both of which you
> probably want to have open. They're not necessarily required though,
> depending on if your users might need them or not.

I guess I did OK from memory...
--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787 | http://yother.com
Check out the new Volvo classified resource http://www.volvoclassified.com
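
The distinction drawn in the thread between serving a service and merely using it, written out as firewall rules (an added example, not part of the original thread). It assumes an iptables firewall with conntrack, which the thread does not name; `gen_ruleset` is a hypothetical helper.

```shell
#!/bin/sh
# Added example, not from the thread. iptables/conntrack is an assumption:
# the thread only says "the firewall". gen_ruleset is a hypothetical helper.

# gen_ruleset PORT... : print an iptables-restore ruleset that accepts new
# inbound TCP connections only on the listed (served) ports.
gen_ruleset() {
    # Validate every port first so a typo never yields a partial ruleset.
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    echo '*filter'
    # Default-deny inbound: ports nobody serves (20, 21, 23, 43, 123, 953
    # in the thread) need no rule at all, they are simply never opened.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # The "established sessions" rule: replies to traffic this host started
    # (ntpd querying upstream servers, DNS lookups) come back in here, so
    # the NTP client keeps working with port 123 closed to new traffic.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: a host that serves only imap-ssl and pop3-ssl.
gen_ruleset 993 995
```

The printed ruleset has no rule for the port you administer the host over; add that port to the argument list before piping the output to `iptables-restore`.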