Joel Linuxdude wrote:
Yes and no, i.e. I can agree with the concept, but I really disagree with the provided services. My Netfilter firewall (unfortunately) is also running my Apache web server, FTP server and Telnet daemon. I honestly think this is ok but it's confusing me with the whole firewall aspect.
It is OK to provide some services from your firewall, provided that they are *secure* services. I would recommend replacing telnet and ftp with openssh, as telnet and FTP are both serious security hazards.
Openssh provides sshd (daemon running on your firewall), ssh (secure telnet replacement), sftp (secure ftp replacement) and scp (secure remote copy); "grep ssh /etc/services" and "grep sftp /etc/services" will tell you which ports to open. In case you need to login from a Windoze-machine, a utility called "putty" is available on the internet for download.
Also make sure that your Apache server software is up-to-date, and *if* you use PHP (or you don't, but it is enabled), then carefully check the settings in /etc/php.ini: in particular register_globals and register_argc_argv should be set to Off, unless you want the whole world to be able to set up an environment for your PHP scripts....
With these precautions, I believe that your firewall would be quite well protected.
--
Z.
---------------------------------------------------------
If all you have is a hammer, everything looks like a nail
---------------------------------------------------------
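Added example (not code from the original thread or its author): a small POSIX sh audit that implements the two checks the reply above describes, reading the register_globals and register_argc_argv directives out of a php.ini and looking up a service's TCP port in /etc/services format. Both inputs are constructed samples embedded in the script so it runs offline; point php_directive and service_port at the real /etc/php.ini and /etc/services contents when auditing a host. The function names, the sample file contents and the ok/WARN/FAIL verdict format are my own choices, not anything from the post.

```shell
#!/bin/sh
# Audit helpers for the advice in the reply: php.ini directives that should be
# Off, and the port lookup via /etc/services. Sample inputs are constructed.

# Constructed php.ini fragment with the weak settings the reply warns about.
WEAK_INI='register_globals = On
register_argc_argv = On
display_errors = On'

# Constructed php.ini fragment with the corrected settings. The first line is a
# commented-out directive (leading ;) that the parser must ignore.
SAFE_INI=';register_globals = On
register_globals = Off
register_argc_argv = Off
display_errors = Off'

# php_directive CONTENT NAME -> value of the first active "NAME = value" line
# (commented-out lines start with ; and never match); empty if unset.
php_directive() {
    printf '%s\n' "$1" \
      | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p" \
      | head -n 1
}

# check_php_ini CONTENT -> exit 0 only if both directives are explicitly Off;
# prints one verdict line per directive.
check_php_ini() {
    rc=0
    for d in register_globals register_argc_argv; do
        v=$(php_directive "$1" "$d")
        case "$v" in
            [Oo][Ff][Ff]) echo "ok   $d = $v" ;;
            "")           echo "WARN $d is not set explicitly"; rc=1 ;;
            *)            echo "FAIL $d = $v (should be Off)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed excerpt in /etc/services format (name, port/proto, comment).
SERVICES='ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp
sftp            115/tcp'

# service_port CONTENT NAME -> TCP port number registered for NAME, if any.
service_port() {
    printf '%s\n' "$1" \
      | awk -v n="$2" '$1 == n && $2 ~ /\/tcp$/ { split($2, p, "/"); print p[1]; exit }'
}

# Demo run over the constructed samples.
echo "== weak php.ini =="
check_php_ini "$WEAK_INI" || true
echo "== corrected php.ini =="
check_php_ini "$SAFE_INI"
echo "ssh port: $(service_port "$SERVICES" ssh)"
```

Two points worth knowing when using this for real: the "sftp" entry in /etc/services (115/tcp) is the old Simple File Transfer Protocol, not OpenSSH's sftp, which is a subsystem carried inside the sshd connection, so opening the ssh port alone covers ssh, sftp and scp; and register_globals was removed from PHP in 5.4, so on a current PHP the WARN verdict for it is expected and harmless, while register_argc_argv is still a live directive.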