linux
SkazochNik, 2014-02-21 09:23:30

Restricting access at the firewall or service level?

Let's imagine a server on modern Linux with a bunch of network interfaces. Some of the interfaces face the Internet, the rest only the local network (where bearded admins and site fillers sit).
Our task is to make apache / ftp and so on work from the Internet, and all sorts of ssh / samba and others from the local network.
Option 1:
We open services on all interfaces and restrict access through some iptables / ipfw or whatever is fashionable there now.
Option 2:
We decide which interface to hang the service on in the settings of the service itself.
I'm interested in which option is safer, which is better in terms of speed, and how to live with it afterwards.


2 answer(s)
sonik_spb, 2014-02-21
@SkazochNik

Strange question =)
In terms of performance:
If you limit it with a firewall, then the load will go to it (minuscule, most likely).
If you limit it with software settings, then the firewall will not have to work.
In terms of security:
Everything that is not explicitly allowed should be killed by the firewall. And that's all =)
It's probably worth setting up services by interfaces and not forgetting about the firewall.

Vlad Zhivotnev, 2014-02-21
@inkvizitor68sl

What's stopping you from combining?
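
One way to check that the combined approach from the answers holds on a host, as an added example that is not part of the original thread: it parses `ss -H -tln` output and reports LAN-only services that are listening on a wildcard or non-LAN address. The port policy, the LAN subnet and the sample output are constructed assumptions.

```python
import ipaddress

# Assumed policy (constructed): ports that must be reachable only from the LAN.
LAN_ONLY_PORTS = {22: "ssh", 139: "samba", 445: "samba"}
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed LAN subnet

# Constructed sample of `ss -H -tln` output: State Recv-Q Send-Q Local Peer
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 203.0.113.5:21 0.0.0.0:*
LISTEN 0 128 192.168.1.10:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 [::]:139 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (ip_address, port) for every LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface suffix
        if addr == "*":
            addr = "::"  # ss prints * for a dual-stack wildcard bind
        yield ipaddress.ip_address(addr), int(port)

def audit(ss_output):
    """Return sorted (port, service, bound_to) for LAN-only services exposed too widely."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port not in LAN_ONLY_PORTS:
            continue  # public services (apache, ftp) are allowed anywhere
        if addr.is_loopback or any(addr in net for net in LAN_NETS):
            continue  # bound to loopback or a LAN address: matches the policy
        scope = "all interfaces" if addr.is_unspecified else str(addr)
        findings.append((port, LAN_ONLY_PORTS[port], scope))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, scope in audit(SAMPLE_SS):
        print(f"{service} (tcp/{port}) listens on {scope}; only the firewall protects it")
```

A service flagged here is still unreachable from the Internet if the firewall drops everything not explicitly allowed, but it depends on that one layer alone.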
