DirectAdmin Firewall security level (s) - "Low" blocks pings
Posted: 26 Nov 2011, 13:23
Hi guys
I am a newbie to CSF as you will see very soon...
I am using DirectAdmin, managing my new VPS which is running CentOS. My site is using only MySQL and PHP.
CSF v5.09 is installed.
Since I am not sure what is the best way to configure the firewall, I thought about using one of the "Firewall Security Levels" provided in CSF (which I access from DirectAdmin).
I thought about trying the "low" level, and if my site works, try the "medium" level. If site still works, try the "high" level. Pretty dumb, but I guess that the guys who prepared these levels know much more than I will know even in a few months from now. Also, my VPS and site are not special in any way, so this seems logical to me.
When I set the "low" level ping from other systems stopped working. The site still works fine.
My questions:
- Can you recommend which level of the three default levels (see below) is the best from the above needs, assuming that I want the best security level without putting too much overhead on the system (if the higher levels put significant extra load).
- Is allowing ping a significant breach? I would like to have it open, since it gives a simple way to check whether the server is alive, and there are ways to test response time from various places in the world with ping
Thx
David
Here are the default security levels:
Setting (see the Firewall Configuration for more information)      Current  Low      Medium   High
Block outgoing SMTP connections except for root, exim and mailman  0        0        1        1
Allow outgoing SMTP connections from localhost (127.0.0.1)         1        1        1        0
Enable IP range blocking using the DShield Block List              0        0        86400    86400
Enable IP range blocking using the Spamhaus DROP List              0        0        86400    86400
Enable Connection Tracking                                         0        0        400      300
Permanently block Connection Tracking triggered IPs                0        0        0        1
Enable Directory Watching                                          300      300      120      60
Remove suspicious files                                            0        0        1        1
Enable Process Tracking                                            60       60       60       30
Enable User Process Tracking                                       0        0        15       8
Enable User Process Tracking for all system accounts               0        0        1        1
Skip Apache Process Tracking                                       1        1        1        0
Ignore IPs in /etc/relayhosts (cPanel only)                        0        1        0        0
Port Scan protection                                               10       20       10       5
Temporary to Permanent IP blocking                                 0        0        0        1
Permanently block IPs by network class                             0        0        0        1
System Integrity Checking (md5sum checks)                          0        0        3600     3600
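
Added example, not part of the original post and not CSF's own code: a shell check that reads the two csf.conf settings governing inbound ping, ICMP_IN and ICMP_IN_RATE, and reports the resulting policy. The sample file is constructed; the table above does not list these settings, so which values the "Low" profile writes is not shown on this page.

```shell
#!/bin/sh
# Report what a csf.conf-style file says about inbound ICMP echo (ping).

# Print the value of a setting. csf.conf lines look like: KEY = "value".
# Commented-out lines are ignored; if a key appears twice, the last one wins.
csf_get() {
    # $1 = setting name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print one of: blocked, allowed-unlimited, allowed-rate:<rate>, unknown.
csf_ping_policy() {
    conf=$1
    icmp_in=$(csf_get ICMP_IN "$conf")
    rate=$(csf_get ICMP_IN_RATE "$conf")
    case "$icmp_in" in
        1) ;;                                  # inbound ping accepted
        0) echo "blocked"; return 0 ;;         # inbound ping dropped
        *) echo "unknown"; return 1 ;;         # setting missing or malformed
    esac
    # A rate of "0" disables rate limiting; anything else is a per-IP limit.
    if [ -z "$rate" ] || [ "$rate" = "0" ]; then
        echo "allowed-unlimited"
    else
        echo "allowed-rate:$rate"
    fi
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed csf.conf fragment
TESTING = "0"
#ICMP_IN = "0"
ICMP_IN = "1"
ICMP_IN_RATE = "1/s"
EOF
echo "inbound ping policy: $(csf_ping_policy "$sample")"
rm -f "$sample"
```

On a CSF host the same function can be pointed at /etc/csf/csf.conf before and after switching security levels to see whether the profile changed the ping setting. A rate-limited "allowed" result keeps ping usable for uptime and latency checks while capping how many echo requests a single address can send.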