Linux Firewall

#1 Fri, 05/22/2015 - 03:50
DoubleSpeed

Linux Firewall

Is it possible to use the Linux firewall to block the ports, but still allow selected 'users' to use FTP connections?

Fri, 05/22/2015 - 06:11
Diabolico

Yes, you can do this in two ways: either all of the "selected users" have static IPs, or you could go with port knocking. The only simple solution is if the "selected users" have static IPs, as for port knocking you must use more than just the usual FTP software. Personally I think this is just a waste of time and I don't see the point in doing such a thing.

If you are afraid of brute force attacks, just install fail2ban.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
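Both approaches from the reply above, as an added example that is not code from the thread: a shell script that emits the iptables rules for (a) a static IP whitelist and (b) port knocking built on the iptables "recent" match. The FTP port layout (tcp/21 plus a passive data range 40000-40050, as vsftpd's pasv_min_port/pasv_max_port would be configured), the knock sequence 7000 -> 8000 -> 9000, the timing windows and the client addresses are all assumptions for illustration, not values from the post. By default the rules are only printed for review; setting IPT=iptables and running as root applies them.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits iptables rules for the two
# approaches above: (a) allow FTP only from clients with static IPs, and
# (b) open FTP to any address that first sends a port-knock sequence, using
# the iptables "recent" match. Assumed (hypothetical, not from the post):
# FTP control on tcp/21 with a passive data range 40000-40050 (matching
# vsftpd's pasv_min_port/pasv_max_port), knocks 7000 -> 8000 -> 9000,
# 10 s allowed between knocks and 30 s to connect after the last one.
# Rules go through $IPT; the default only prints them for review, run with
# IPT=iptables as root to apply.

show() { printf '%s\n' "$*"; }
IPT=${IPT:-show}
FTP_PORTS="21,40000:40050"   # control port plus assumed passive range

# (a) Static whitelist. $1 is a space-separated list of client IPs or CIDRs.
ftp_whitelist_rules() {
    for src in $1; do
        $IPT -A INPUT -p tcp -s "$src" -m multiport --dports "$FTP_PORTS" -j ACCEPT
    done
    $IPT -A INPUT -p tcp -m multiport --dports "$FTP_PORTS" -j DROP
}

# (b) Port knocking. $1 $2 $3 are the knock ports, in order.
# Each GATE chain remembers one knock in a "recent" list; a wrong port at any
# stage drops the address back to GATE1, so a sequential port scan does not
# walk through the sequence. Append these after the ACCEPT rules for
# ESTABLISHED traffic and public services: whatever reaches KNOCKING and is
# not part of the sequence is dropped.
ftp_knock_rules() {
    k1=$1; k2=$2; k3=$3
    for chain in KNOCKING GATE1 GATE2 GATE3 PASSED; do
        $IPT -N "$chain"
    done
    $IPT -A INPUT -p tcp -m conntrack --ctstate NEW -j KNOCKING

    # GATE1: first knock is recorded in AUTH1, everything else dropped.
    $IPT -A GATE1 -p tcp --dport "$k1" -m recent --name AUTH1 --set -j DROP
    $IPT -A GATE1 -j DROP
    # GATE2: second knock moves the address to AUTH2, anything else resets it.
    $IPT -A GATE2 -m recent --name AUTH1 --remove
    $IPT -A GATE2 -p tcp --dport "$k2" -m recent --name AUTH2 --set -j DROP
    $IPT -A GATE2 -j GATE1
    # GATE3: third knock moves the address to AUTH3.
    $IPT -A GATE3 -m recent --name AUTH2 --remove
    $IPT -A GATE3 -p tcp --dport "$k3" -m recent --name AUTH3 --set -j DROP
    $IPT -A GATE3 -j GATE1
    # PASSED: sequence complete; FTP (control and passive data) is accepted
    # while the AUTH3 entry is fresh, any other new connection restarts.
    $IPT -A PASSED -p tcp -m multiport --dports "$FTP_PORTS" -j ACCEPT
    $IPT -A PASSED -j GATE1

    # Dispatch by how far the address has got, most advanced state first.
    $IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH3 -j PASSED
    $IPT -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH2 -j GATE3
    $IPT -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH1 -j GATE2
    $IPT -A KNOCKING -j GATE1
}

# Review run with the assumed values (printed, not applied, by default).
echo '# (a) static whitelist'
ftp_whitelist_rules "203.0.113.5 198.51.100.0/24"   # constructed example addresses
echo '# (b) port knocking'
ftp_knock_rules 7000 8000 9000
```

A client knocks by attempting a connection to each port in order, for example `for p in 7000 8000 9000; do nc -z -w1 ftp.example.org $p; done`, and then has 30 seconds to open the FTP session. Two caveats a practitioner should keep in mind: the passive data connections are separate TCP connections, so either the passive range has to be opened as above or the nf_conntrack_ftp helper must be loaded so that an earlier RELATED,ESTABLISHED ACCEPT rule lets them through; and a knock sequence travels in the clear and can be replayed by anyone who observes it, so it hides the service from scanners but does not replace FTP authentication or fail2ban.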

Fri, 05/22/2015 - 07:15
DoubleSpeed

Thanks, I just wanted to secure it as far as possible for a basic level of PCI compliance, so I wanted to lock it down as far as possible; the particular user concerned doesn't have a fixed IP, so I wanted to try to block the port except to one user.

Fri, 05/22/2015 - 09:31
Diabolico

You can always change the default port for FTP, SSH, Webmin, Usermin... but then you must provide the new info to your users. Aside from Webmin and Usermin, the other services have pros and cons if you change the default port, just to mention a few of them:

pros - bots picking up standard ports will stop bothering you, log files will not be full of failed login attempts, you don't need to worry too much about whether your users have used strong and non-standard passwords...

cons - some other services could not work on non-standard ports; in the case of ssh there is a chance that local users can cause a DoS attack (the real chance of this happening is really low, but worth considering in a shared hosting environment with hundreds of users); port scanners will manage to pick up your ports sooner or later (still, classic bots will not be present)...

Either way, if you want to change, go for ports higher than 1024, as anything lower is usually reserved and could cause some conflicts.

If you don't know what I'm talking about, then my advice is to google all this before you take a chance, or pay someone to do the job instead of you.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
