[CentOS] Do I need a dedicated firewall?

Thu Dec 12 17:17:52 UTC 2013
Paul Heinlein <heinlein at madboa.com>

On Wed, 11 Dec 2013, Jason T. Slack-Moehrle wrote:

> Hi All,
>
> So my electricity bill is through the roof and I need to pare down 
> some equipment.
>
> I have a CentOS 6.5 Server (a few TB, 32 GB RAM) running some simple 
> web stuff and Zimbra. I have 5 static IPs from Comcast. I am 
> considering giving this server a public IP and plugging it directly 
> into my cable modem. This box can handle everything with room for me 
> to do more.
>
> Doing this would allow me to power down my pfSense box and 
> additional servers by consolidating onto this single box.
>
> I have the firewall on on the server and only allowing the few ports 
> I need.
>
> I don't run ssh on 22

An additional consideration on Comcast's network is IPv6. Comcast will 
assign your routing device a /64 netblock in many, perhaps most, 
markets.

If, after being connected directly to your Comcast connection and 
having its network service restarted, your CentOS box still has an 
fe80::/64 address, you have no worries (yet). If you're on a 2601::/64 
(or other 2xxx::/64) network, then you're accessible via IPv6.

So make sure that in addition to iptables, you brush up on ip6tables 
as well.

-- 
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
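
The check described in the message above, as an added example that is not part of the original post: it reads the text output of `ip -6 -o addr show` and `ip6tables-save` and reports whether the host has a global-scope IPv6 address and whether the ip6tables INPUT chain denies by default. The function names and the sample address listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify IPv6 exposure from `ip -6 -o addr show` and
# `ip6tables-save` output. Both are read as text so the logic runs offline.

# Print "iface address/prefix" for every global-scope IPv6 address on stdin.
global_v6_addrs() {
    awk '$3 == "inet6" && $5 == "scope" && $6 == "global" { print $2, $4 }'
}

# Print "deny" if the filter table's INPUT chain drops by default: either the
# chain policy is DROP, or its last rule is an unconditional DROP/REJECT.
# Print "allow" otherwise (including when no filter table is loaded).
v6_input_default() {
    awk '
        /^\*filter/ { in_filter = 1 }
        /^COMMIT/   { in_filter = 0 }
        in_filter && $1 == ":INPUT"              { policy = $2 }
        in_filter && $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            if (policy == "DROP" || last ~ /^-A INPUT -j (DROP|REJECT)/)
                print "deny"
            else
                print "allow"
        }'
}

# Combine both: $1 = address listing, $2 = ip6tables-save listing.
assess_v6() {
    local addrs
    addrs=$(printf '%s\n' "$1" | global_v6_addrs)
    if [ -z "$addrs" ]; then
        echo "link-local only"
    elif [ "$(printf '%s\n' "$2" | v6_input_default)" = "deny" ]; then
        echo "global address, filtered"
    else
        echo "global address, UNFILTERED"
    fi
}

# Constructed sample (2001:db8::/32 is the documentation prefix).
SAMPLE_ADDRS='1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1:2:21a:4aff:fe00:1/64 scope global dynamic \       valid_lft 345000sec preferred_lft 345000sec
2: eth0    inet6 fe80::21a:4aff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'

# On a live host, as root:
#   assess_v6 "$(ip -6 -o addr show)" "$(ip6tables-save)"
assess_v6 "$SAMPLE_ADDRS" ""   # → global address, UNFILTERED
```

The kernel also marks unique local (fc00::/7) addresses as global scope, so a reported address is worth checking against the 2000::/3 range before treating it as Internet-reachable.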