On 4/7/07, simon@kmun.gov.kw <simon@kmun.gov.kw> wrote:> sorry for my earlier incomplete mail:... > > Dear All, > > I am using CentOS 4 which is used as a mail server running and everything > workin fine > I am new to shorewall and like to install shorewall on the above mail server > > can i install shorewall on the mail server or do i need a separate machineInstalling it on the same machine should have minimal impact. What''s your load like?> cd i have any example of rules for the aboveYou''ll want to allow whatever ports you''re using for incoming and outgoing mail, and perhaps SSH as well. Then block everything else. This should be straightforward to set up with the extensive documentation Tom has posted on shorewall.net.> will performance and speed be affected if shorewall is run on the same serverYes, of course. Probably not enough to notice, though ;) Running filtering rules is pretty cheap, but if you''re on the ragged edge as it is you might be pushed over the edge. In that case you shouldn''t just use a separate machine for firewalling, though; set up a cluster where each machine is running a firewall and mail daemons. Will ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
sorry for my earlier incomplete mail:... Dear All, I am using CentOS 4 which is used as a mail server running and everything workin fine I am new to shorewall and like to install shorewall on the above mail server can i install shorewall on the mail server or do i need a separate machine cd i have any example of rules for the above will performance and speed be affected if shorewall is run on the same server Thanks and appreciate ur reply Regards simon ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Will Murnane wrote:> On 4/7/07, simon@kmun.gov.kw <simon@kmun.gov.kw> wrote:>> cd i have any example of rules for the above > You''ll want to allow whatever ports you''re using for incoming and > outgoing mail, and perhaps SSH as well. Then block everything else. > This should be straightforward to set up with the extensive > documentation Tom has posted on shorewall.net.In particular: http://www.shorewall.net/Introduction.html http://www.shorewall.net/standalone.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV