Iptables Best Rules for Kloxo-MR

[prgs1971]

I will use my VPS to shared hosting and i want to secure it against DDOS Attacks and everything that will be necessary.

For what i can see Kloxo-MR don't use Iptables or other Firewall.

I want to enable a Firewall like Iptables or other.

What will be the best rules to apply to Iptables Firewall and how can i do that?

[MRatWork]

All my servers not use IPTables/CSF because I think if using nginx-proxy we already have protect by nginx. Kloxo-MR panel (also Kloxo) have lxguard to protect ssh and ftp port.

But, using IPtables/CSF not bad idea.

[prgs1971]

I never heard about using a server without Firewall enabled...

Do you what is the best rules to apply to it?

Do you know any good tutorial?

[MRatWork]

Because not using firewall, I am not intense to explorer this services.

Better install webmin in your server becuase webmin cooperate with Kloxo-MR. All my servers always webmin ready.

We can call Webmin as 'GUI for SSH'.

Firewall module in Webmin more easy to setting rather than manual settting.

[prgs1971]

Any good tutorial to setup webadmin?

How much memory webadmin will consume?

[MRatWork]

No webadmin but webmin. Go to www.webmin to know about it.

Webmin itself (like Kloxo-MR) only use 25-40 MB.

[chrisf]

I would suggest CSF and I can help you - the install process is easy and it watches everything.

And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.

It notifies you of ssh access, sudo su access.

I have directories that should never change (web) it watches them - if potential hack does occur I know in real time.

It beats LxGuard every time.  I have LxGuard set to 5 - CSF to 10.  CSF always blocks the i.p. before LxGuard.  I think it deals with when and how frequent it reads the logs.

Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)

If you need help let me know.  There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".

I learnt most from hours of research and trial and error.  But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)

[starbolt]

Kloxo has a ready-to-go firewall script that you can find at http://wiki.lxcenter.org/How+to+secure+ ... h+IPTABLES

It works pretty well on Kloxo, but on Kloxo-MR you will have to add a couple rules in it. If you are aware on which softwares you are using, just add the ports they are listening to the script and you should be all set.

[prgs1971]

I would suggest CSF and I can help you - the install process is easy and it watches everything.

And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.

It notifies you of ssh access, sudo su access.

I have directories that should never change (web) it watches them - if potential hack does occur I know in real time.

It beats LxGuard every time.  I have LxGuard set to 5 - CSF to 10.  CSF always blocks the i.p. before LxGuard.  I think it deals with when and how frequent it reads the logs.

Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)

If you need help let me know.  There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".

I learnt most from hours of research and trial and error.  But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)

I am interested in this one

Do you have any tutorial?

[prgs1971]

Kloxo has a ready-to-go firewall script that you can find at http://wiki.lxcenter.org/How+to+secure+ ... h+IPTABLES

It works pretty well on Kloxo, but on Kloxo-MR you will have to add a couple rules in it. If you are aware on which softwares you are using, just add the ports they are listening to the script and you should be all set.

Thank you for this tip

I will try CSF firewall first.

[chrisf]

I will write instructions for you.  I will have them posted by tomorrow

[prgs1971]

Just write a tutorial in this forum and then leave the link to it here

Many thanks for your help

[chrisf]

Instructions for CSF install with KloxoMR written here:

forum.mratwork.com/viewtopic.php?f=15&t=19200

If you have questions please do it under that post.

Enjoy

[prgs1971]

Many thanks for this very detailed Tutorial  8-)

If you came to Portugal i will pay you a drink  

[chrisf]

http://forum.mratwork.com/viewtopic.php?f=15&t=19200

Clickable link

No problem!  Glad I can help.