DirectAdmin Firewall security level (s) - "Low" blocks pings

Post Reply
footballmosaic
Junior Member
Posts: 2
Joined: 26 Nov 2011, 12:57

DirectAdmin Firewall security level (s) - "Low" blocks pings

Post by footballmosaic »

Hi guys

I am a newbie to CSF as you will see very soon...

I am using DirectAdmin, managing my new VPS which is running Centos. My site is using only MySQL and PHP.
CSF v5.09 is installed.

Since I am not sure what is the best way to configure the firewall, I thought about using one of the "Firewall Security Levels" provided in CSF (which I access from DirectAdmin).

I thought about trying the "low" level, and if my site works, try the"medium" level. If site still works, try the "high" level. Pretty dumb, but I guess that the guys who prepared these levels know much more than I will know even in few months from now. Also, my VPS and site are not special in any way, so this seems logical to me.

When I set the "low" level ping from other systems stopped working. The site still works fine.

My questions:
- Can you recommend which level of the three default levels (see below) is the best from the above needs, assuming that I want the best security level without putting too much overhead on the system (if the higher levels put significant extra load).
- Is allowing ping a significant breach? I would like to have it open, since it gives a simple way to check whether the server is alive, and there are ways to test response time from various places in the world with ping

Thx
David

Here are the default security levels:

Setting (see the Firewall Configuration for more information)........Current Low Medium High
Block outgoing SMTP connections except for root, exim and mailman 0 0 1 1
Allow outgoing SMTP connections from localhost (127.0.0.1)......... 1 1 1 0
Enable IP range blocking using the DShield Block List................... 0 0 86400 86400
Enable IP range blocking using the Spamhaus DROP List................ 0 0 86400 86400
Enable Connection Tracking................................................ 0 0 400 300
Permanently block Connection Tracking triggered IPs................... 0 0 0 1
Enable Directory Watching...................................................300 300 120 60
Remove suspicious files..................................................... 0 0 1 1
Enable Process Tracking.................................................... 60 60 60 30
Enable User Process Tracking................................................0 0 15 8
Enable User Process Tracking for all system accounts....................0 0 1 1
Skip Apache Process Tracking............................................... 1 1 1 0
Ignore IPs in /etc/relayhosts (cPanel only).................................0 1 0 0
Port Scan protection......................................................... 10 20 10 5
Temporary to Permanent IP blocking..................................... 0 0 0 1
Permanently block IPs by network class................................... 0 0 0 1
System Integrity Checking (md5sum checks...............................0 0 3600 3600
footballmosaic
Junior Member
Posts: 2
Joined: 26 Nov 2011, 12:57

Re: DirectAdmin Firewall security level (s) - "Low" blocks p

Post by footballmosaic »

oops, I was wrong... Newbite, I told you :-)

It doesn't block pings, it sets the per IP address incoming ICMP packet rate to 1 second.
SO here my questions, revised:

My questions:
- Can you recommend which level of the three default levels (see below) is the best from the above needs, assuming that I want the best security level without putting too much overhead on the system (if the higher levels put significant extra load).
- Is allowing a higher packet rate of ping (e.g. even without a limit) a significant breach?
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: DirectAdmin Firewall security level (s) - "Low" blocks p

Post by chirpy »

We'd recommend going through csf.conf and configuring each option to suit your environment rather than relying on the somewhat arbitrary level options. high levels of pings can cause serious network limitations (called Ping Of Death), what rate you set it to depends on your needs, but setting it too high would render enabling the option moot.
ana
Junior Member
Posts: 2
Joined: 22 Oct 2013, 17:52

Re: DirectAdmin Firewall security level (s) - "Low" blocks p

Post by ana »

Hello,
How can I set the default?

Thanks
ana
Junior Member
Posts: 2
Joined: 22 Oct 2013, 17:52

Re: DirectAdmin Firewall security level (s) - "Low" blocks p

Post by ana »

My setting is:
Firewall Security Level
Setting (see the Firewall Configuration for more information) Current Low Medium High
Block outgoing SMTP connections except for root, exim and mailman 1 0 1 1
Allow outgoing SMTP connections from localhost (127.0.0.1) 1 1 1 0
Enable IP range blocking using the DShield Block List 0 86400 86400
Enable IP range blocking using the Spamhaus DROP List 0 86400 86400
Enable Connection Tracking 200 0 400 300
Permanently block Connection Tracking triggered IPs 0 0 0 1
Enable Directory Watching 300 300 120 60
Remove suspicious files 0 0 1 1
Enable Process Tracking 60 60 60 30
Enable User Process Tracking 0 0 15 8
Enable User Process Tracking for all system accounts 1 0 1 1
Skip Apache Process Tracking 0 1 1 0
Ignore IPs in /etc/relayhosts (cPanel only) 1 1 0 0
Port Scan protection 10 20 10 5
Temporary to Permanent IP blocking 1 0 0 1
Permanently block IPs by network class 0 0 0 1
System Integrity Checking (md5sum checks) 3600 0 3600 3600

Please help me to config the bast status.

Thanks
Post Reply