[CentOS] Do I need a dedicated firewall?

Thu Dec 12 14:54:59 UTC 2013
Fred Smith <fredex at fcshome.stoneham.ma.us>

On Wed, Dec 11, 2013 at 09:00:25PM -0800, Jason T. Slack-Moehrle wrote:
> Hi All,
> 
> So my electricity bill is through the roof and I need to pare down some
> equipment.
> 
> I have a CentOS 6.5 Server (a few TB, 32 GB RAM) running some simple web
> stuff and Zimbra. I have 5 static IPs from Comcast. I am considering
> giving this server a public IP and plugging it directly into my cable
> modem. This box can handle everything with room for me to do more.
> 
> Doing this would allow me to power down my pfSense box and additional
> servers by consolidating onto this single box.
> 
> I have the firewall on on the server and only allowing the few ports I need.
> 
> I don't run ssh on 22
> 
> What do you guys think?

You certainly CAN do it that way.

Being paranoid, I'm in favor of having one "box" that does firewall/routing duties
without any other apps running, to reduce the exposed "attack surface".

I used to run a Smoothwall GPL box as firewall, but like you, I wanted to do
a little something about the power usage. My "solution" was a dedicated
consumer router, which used probably (not measured) a tenth of the juice
of the old PC that ran Smoothwall. I used dd-wrt on it instead of the original
firmware.

-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
                    The Lord detests the way of the wicked 
                  but he loves those who pursue righteousness.
----------------------------- Proverbs 15:9 (niv) -----------------------------