Portal Home > Knowledgebase > Articles Database > Is it necessary to use iptables if my server has a hardware firewall?
Is it necessary to use iptables if my server has a hardware firewall?
Posted by Topkat325, 06-29-2015, 02:51 AM |
I've just recently got a dedicated server with 1and1. It had iptables setup and running on the server, but I couldn't get any incoming emails to Horde email, so I turned off iptables and it fixed the problem.
Is it safe to use my server without iptables when I have a hardware firewall that's setup and running? I also have fail2ban installed on the server.
Thanks for reading.
|
Posted by net, 06-29-2015, 03:04 AM |
It is recommended to have a software firewall. You need to make sure it is opened for such services like mails.
|
Posted by brianoz, 06-30-2015, 10:52 PM |
A software firewall can catch some things that a hardware firewall doesn't.
We often install "csf" as it makes managing firewall rules very easy for simple exclusions and even things like blocklists and country regions (eg block a country).
[To clarify: CSF uses iptables to do the firewall stuff, but it provides a layer on top that makes life easier, especially useful if you're just getting started.]
|
Posted by Topkat325, 07-01-2015, 02:52 AM |
Thanks for your advice guys. I will look into CSF.
|
Posted by Woxinro, 07-04-2015, 04:16 PM |
1and1 themselves recommends using additional software firewall for additional security. [Ref : https://help.1and1.com/servers-c3768...s-a781513.html ]
CSF interface for IPtables would be a good choice with its multiple security filters for intrusion detection and security applications. Fail2ban helps in preventing brute force.
Going for a hardening to close any local exploits would be a good idea to keep your servers safe. Attacks needn't be always from external sources, it can happen from within your server as well.
|
Posted by Topkat325, 07-05-2015, 02:32 AM |
Thanks for your advice Woxinro :-)
|
Posted by Srv24x7, 07-05-2015, 12:59 PM |
Hi,
You should continue to use the software firewall too. A very good explanation is given my mcafee. Hardware firewalls are more capable of handling high DDOS attacks whereas software firewall fails in this.
home.mcafee.com/advicecenter/?id=ad_ost_hvsf&ctst=1
|
Add to Favourites Print this Article
Also Read