
Which Firewall?

zboyblue

Guest
I am curious as to people's opinion on which Firewall setup to use.

I am currently using iptables in my Cisco router as my firewall solution but would like to use something a little more user friendly and maybe better (if possible).

I thought about maybe something like a standalone Linux machine running some sort of firewall software that makes the sole purpose of that machine a firewall.

I also thought about opening all ports coming to Plesk in my current setup and using the Plesk firewall built into Plesk. The downside to this, I guess, is that you then allow traffic to come inside your network before stopping it at the box. Plus that would only make configuring that machine easy as opposed to the whole network.

What would you recommend as the best solution?

Craig
 
Hello

I am not too sure but doesn't the 'Plesk' firewall just use iptables?

Anyway I turned it on for good measure :)

I also use apf with bfd.

Any other recommendations anyone?

Alan
 
What is apf with bfd? I have heard that before but I cannot remember where and am not quite sure what it is.

Craig
 
APF - Advanced Policy Firewall

BFD - Brute Force Detection

What BFD does: if anyone is using some war script which tries every password combination against your server's SSH or FTP, BFD will detect it and add the IP it's coming from to the APF firewall, blocking all access to the server on all ports.

You can add your own IP to the APF allow hosts, so in case you accidentally type in the wrong password several times in a row and get detected by BFD, it won't lock you out of your own server.

APF also comes with an antidos, so if anyone is sending mass TCP packets to your server it will add and block those IPs as well.


APF website - http://www.rfxnetworks.com/proj.php

Bill
 
Oh wow, that sounds cool.

Can you install them on different servers and have them still work together like that?

For instance, could you put BFD on your Plesk server to detect the brute force and put the APF on another standalone server that acts as a firewall for your system? That way if they get blocked it is from the entire network?

Know what I mean? Ideas?

Craig
 
Technically it's possible to do that by copying the deny IP list from the server BFD's running on to your gateway firewall - rsync or similar would do it.
 
Is that like super hard or not really "real time" or anything that would make it undesirable?

I am just wondering the "best" firewall solution for both my Plesk box and my network too. (Our Plesk box is on our network along with all our workstations, etc)

Let me know your thoughts!


Craig
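
The deny-list sync suggested in the thread (copy the list from the BFD host to the gateway with rsync or similar) needs a validation step on the gateway, so that a bad or over-broad entry cannot lock out the whole network. The following is an added example, not code from the thread or from APF/BFD; the file location, the never-block ranges and the `bfd_deny` set name are assumptions, and the sample list is constructed.

```python
import ipaddress

# Constructed sample of an APF deny list copied from the BFD host
# (assumed location there: /etc/apf/deny_hosts.rules).
SAMPLE_DENY = """\
# added 203.0.113.45 on 03/02/05 with comment: {bfd.sshd}
203.0.113.45
198.51.100.0/24
203.0.113.45
192.0.2.10
0.0.0.0/0
tcp:in:d=22:s=198.51.100.7
not-an-ip; reboot
"""

# Assumption: ranges the gateway must never block (admin host, office LAN).
NEVER_BLOCK = ["192.0.2.10/32", "10.0.0.0/8"]


def build_blocklist(deny_text, never_block=NEVER_BLOCK, min_prefix=16):
    """Return (accepted networks, rejected (line, reason) pairs)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    accepted, rejected = [], []
    for raw in deny_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.IPv4Network(line, strict=False)
        except ValueError:
            rejected.append((line, "not a plain IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((line, "range too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((line, "overlaps never-block list"))
        elif net not in accepted:
            accepted.append(net)
    return accepted, rejected


def ipset_restore_script(networks, set_name="bfd_deny"):
    """Render input for `ipset -exist restore` (set name is hypothetical)."""
    tmp = set_name + "_new"
    lines = [f"create {set_name} hash:net family inet",
             f"create {tmp} hash:net family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in networks]
    # Swap fills the live set in one step, so it is never half-loaded.
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"
```

Run from cron after each sync, the delay between a BFD detection and the gateway block equals the sync interval, and the rejected list is worth logging because it shows entries that would otherwise have reached the firewall.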
 