Recommend me a software firewall?

Insidiea Member
edited May 2012 in Help

Hey guys, I just wanted to get your advice on a software firewall I should use for my Ubuntu box. I get brute-force attacks on SSH every day, and I would like a firewall that auto-bans IPs when they fail to connect a certain number of times and also filters out some basic DoS attacks.

Thanks,

Comments

  • Fail2Ban will do the incorrect logins with ease.

  • Why not use SSH keys? That will eliminate your need for a firewall.

  • BHost Member

    @Daniel said: Fail2Ban will do the incorrect logins with ease.

    I'd second that if you really need passwords/maybe rate limiting with iptables too depending on circumstances. But I'd be asking if you really need SSH password authentication on or could instead change to key authentication.

  • @gsrdgrdghd said: Why not use SSH keys? That will eliminate your need for a firewall.

    Won't you need the keyfile everywhere you go? Would be pretty annoying to have to have the key file with you.

  • BHost Member

    @Insidiea said: Won't you need the keyfile everywhere you go? Would be pretty annoying to have to have the key file with you.

    Yeh, but it depends on what it's for, i.e. how secure vs. how accessible it needs to be.

    A handy trade-off if you have an Android/iPhone is setting up SSH using Google's Two-Factor PAM module, as per http://www.techrepublic.com/blog/opensource/two-factor-ssh-authentication-via-google-secures-linux-logins/2607

    Just need the Google Auth app on your phone then. Used that for personal stuff before.

  • sleddog Member

    Is this a personal box, or do you also have clients logging in by SSH? If it's a personal box it's simpler to set up iptables with some rules to run at boot time to only allow SSH login from your IP or network. CSF, APF, fail2ban are a tad heavy for a lowendbox.
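    The boot-time ruleset sleddog describes, with the iptables rate limiting BHost mentioned as a second layer, written out as an added example (not code from any poster in this thread). It emits the rules in `iptables-restore` format so the same file can be loaded at boot; the admin network 203.0.113.0/24, the Minecraft port 25565 and the temp file path are constructed assumptions, and loading the result requires root.

```shell
#!/bin/sh
# Added example, not from the thread: an iptables ruleset that accepts SSH only
# from the admin's own network and rate-limits new SSH connections even from there.
# Load on a real box (as root) with:  iptables-restore < /etc/iptables.rules
# and hook that command into /etc/network/if-pre-up.d/ so it runs at boot.
# ADMIN_NET, SSH_PORT, GAME_PORT and the file path below are assumptions.

# valid_cidr NET: rough sanity check (a.b.c.d or a.b.c.d/nn) so a typo in the
# admin network cannot turn into a ruleset that locks the admin out.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# make_ruleset ADMIN_NET SSH_PORT GAME_PORT: print the ruleset to stdout.
make_ruleset() {
    admin_net=$1; ssh_port=$2; game_port=$3
    valid_cidr "$admin_net" || { echo "bad admin network: $admin_net" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections the box opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH: admin network only, and even then at most 4 new connections per minute per source
-A INPUT -p tcp --dport $ssh_port -s $admin_net -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport $ssh_port -s $admin_net -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP
-A INPUT -p tcp --dport $ssh_port -s $admin_net -j ACCEPT
# the public service (the Minecraft port in the OP's case)
-A INPUT -p tcp --dport $game_port -j ACCEPT
# keep the box pingable, but not at an unlimited rate
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
COMMIT
EOF
}

# write_ruleset ADMIN_NET SSH_PORT GAME_PORT FILE: save the ruleset to FILE and
# print how many -A rules were written, so a caller can sanity-check the result.
write_ruleset() {
    make_ruleset "$1" "$2" "$3" > "$4" || return 1
    grep -c '^-A ' "$4"
}

# Demo on a constructed temp file (no root needed to generate it).
demo_file=$(mktemp)
write_ruleset 203.0.113.0/24 22 25565 "$demo_file"
cat "$demo_file"
```

    The INPUT policy is DROP, so anything not listed (including SSH from outside the admin network) is silently discarded; the `recent` pair drops the fifth new SSH connection from one source within 60 seconds, which blunts a brute-force run even from an allowed address. Test the file with `iptables-restore --test` while still logged in, and keep a second session open while applying it.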

  • raindog308 Administrator, Veteran

    @gsrdgrdghd said: Why not use SSH keys? That will eliminate your need for a firewall.

    What? Firewalls have other benefits.

    @Insidiea said: Won't you need the keyfile everywhere you go? Would be pretty annoying to have to have the key file with you.

    Security is always the inverse of convenience.

    @Insidiea - you can reduce that problem dramatically by running ssh on a random high port.

    I like CSF and use it but fail2ban is another oft-mentioned alternative.

  • Aldryic Member

    1) Use a nonstandard port
    2) Use RSA keys (I carry a microUSB with a handful of locked keyfiles)
    3) Disable root and password-based logins

    You are now protected from 99% of brutes. Enable a service such as fail2ban, and you can bump that up to .99

  • Insidiea Member
    edited May 2012

    @sleddog said: Is this a personal box, or do you also have clients logging in by SSH? If it's a personal box it's simpler to setup iptables with some rules to run at boot time to only allow SSH login from your IP or network. CSF, APF, fail2ban are a tad heavy for a lowendbox.

    The server is for Minecraft, and it doesn't really need to be accessed from everywhere, so I guess I could set up an SSH key. Anyone know of a good detailed tutorial?

    I run a fair-sized community, and every once in a while there's these kids trying to take down the server by DoSing it. They don't really succeed, but I have a 1 Gbps line so I'm not sure if that has anything to do with it.

    As far as a firewall being intensive on the box, to clarify it's a dedicated server with 8GB of RAM and an i3 3.10GHz. I would prefer to keep the resource usage as low as possible for the firewall, though.
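    Aldryic's three steps, plus the key installation the OP asks for a tutorial on, as an added example (not code from any poster in this thread). The paths, the port 2222, the sample sshd_config fragment and the sample public key are constructed assumptions; on a real Ubuntu box the file is /etc/ssh/sshd_config and the key pair is generated on the client with `ssh-keygen -t rsa -b 4096`.

```shell
#!/bin/sh
# Added example (not from any poster in this thread): apply Aldryic's checklist
# to sshd_config and install a public key for the admin user. Paths, the port
# and the sample key below are assumptions; adjust them for your own box.
# The key pair itself comes from the client:  ssh-keygen -t rsa -b 4096
# Copy the resulting ~/.ssh/id_rsa.pub line to the server and pass it to install_pubkey.

# set_directive FILE KEY VALUE
# Rewrite every existing KEY line (commented out or not) as "KEY VALUE", or
# append one if the file has none. Anchoring on the start of the line keeps
# "Port" from matching "GatewayPorts". Re-running is safe (idempotent).
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*$key([[:space:]]|\$)" "$file"; then
        sed -E "s|^[#[:space:]]*$key([[:space:]].*)?\$|$key $value|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_directive FILE KEY: print the effective value (last uncommented line wins).
get_directive() {
    grep -E "^$2[[:space:]]+" "$1" | tail -n 1 | awk '{print $2}'
}

# harden_sshd FILE PORT: steps 1 and 3 of the checklist. Do this only after a
# key login has been confirmed in a second session, or you lock yourself out.
harden_sshd() {
    file=$1; port=$2
    set_directive "$file" Port "$port"                          # 1) nonstandard port
    set_directive "$file" PubkeyAuthentication yes              # 2) keys stay enabled
    set_directive "$file" PermitRootLogin no                    # 3) no root login
    set_directive "$file" PasswordAuthentication no             # 3) no password login
    set_directive "$file" ChallengeResponseAuthentication no    # closes the keyboard-interactive path too
}

# install_pubkey HOME_DIR PUBKEY_LINE: add the key once, with the permissions
# sshd insists on (StrictModes rejects a group- or world-writable .ssh).
install_pubkey() {
    home=$1; pubkey=$2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    grep -qxF "$pubkey" "$home/.ssh/authorized_keys" 2>/dev/null \
        || printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Demo on a constructed copy of a stock-looking sshd_config in a temp dir;
# on a real box restart sshd afterwards and verify a key login before closing the old session.
demo_dir=$(mktemp -d)
cfg="$demo_dir/sshd_config"
cat > "$cfg" <<'EOF'
# Package generated configuration file
#Port 22
Protocol 2
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
GatewayPorts no
EOF
harden_sshd "$cfg" 2222
sample_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLEKEY== admin@laptop"
install_pubkey "$demo_dir/home" "$sample_key"
install_pubkey "$demo_dir/home" "$sample_key"   # second call is a no-op
cat "$cfg"
```

    Commented-out defaults such as `#Port 22` are rewritten in place rather than duplicated, so a later `sshd -t` sees exactly one `Port` line; `GatewayPorts no` is untouched because the pattern is anchored to the start of the line. With password and root logins off, the daily brute-force attempts fail before any password check, which is why several posters above treat keys as the fix and fail2ban as the extra.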
