[CentOS] Do I need a dedicated firewall?
Paul Heinlein
heinlein at madboa.com
Thu Dec 12 17:17:52 UTC 2013

On Wed, 11 Dec 2013, Jason T. Slack-Moehrle wrote:
> Hi All,
>
> So my electricity bill is through the roof and I need to pare down
> some equipment.
>
> I have a CentOS 6.5 Server (a few TB, 32gb RAM) running some simple
> web stuff and Zimbra. I have 5 static IPs from Comcast. I am
> considering giving this server a public IP and plugging it directly
> into my cable modem. This box can handle everything with room for me
> to do more.
>
> Doing this would allow me to power down my pfSense box and
> additional servers by consolidating onto this single box.
>
> I have the firewall on on the server and only allowing the few ports
> I need.
>
> I don't run ssh on 22

An additional consideration on Comcast's network is IPv6. Comcast will
assign your routing device a /64 netblock in many, perhaps most,
markets.

If, after being connected directly to your Comcast connection and
having its network service restarted, your CentOS box still has an
fe80::/64 address, you have no worries (yet). If you're on a 2601::/64
(or other 2xxx::/64) network, then you're accessible via IPv6.

So make sure that in addition to iptables, you brush up on ip6tables
as well.

--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
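
The check described in the reply above, as an added example that is not part of the original message: it picks the global-scope addresses out of `ip -6 -o addr show` output and looks for a default deny in `ip6tables -S INPUT`. The sample listings are constructed (using the 2001:db8::/32 documentation prefix), and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post. All sample data is constructed.

# Print "iface addr/prefix" for each global-scope IPv6 address in
# `ip -6 -o addr show` output (stdin). fe80::/64 shows as "scope link".
global_v6_addrs() {
    awk '$3 == "inet6" && $5 == "scope" && $6 == "global" { print $2, $4 }'
}

# Read `ip6tables -S INPUT` output (stdin). Coarse check only: prints "deny"
# if the policy is DROP or an unconditional DROP/REJECT rule is present.
input_default() {
    awk '$1 == "-P" && $2 == "INPUT" && $3 == "DROP" { deny = 1 }
         $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
             ($4 == "DROP" || $4 == "REJECT") { deny = 1 }
         END { print (deny ? "deny" : "accept") }'
}

# $1 = address listing, $2 = INPUT chain rules.
assess() {
    if [ -z "$(printf '%s\n' "$1" | global_v6_addrs)" ]; then
        echo "link-local only"
    elif [ "$(printf '%s\n' "$2" | input_default)" = "deny" ]; then
        echo "global, filtered"
    else
        echo "global, unfiltered"
    fi
}

# Constructed sample inputs.
SAMPLE_ADDRS='1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link'
SAMPLE_OPEN='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_DENY='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited'

# "live" reads the running system (ip6tables needs root); default uses samples.
if [ "${1:-}" = "live" ]; then
    assess "$(ip -6 -o addr show)" "$(ip6tables -S INPUT)"
else
    assess "$SAMPLE_ADDRS" "$SAMPLE_OPEN"
fi
```

A "global, filtered" result only says a default deny exists; the ACCEPT rules ahead of it still need to be read by hand.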