
I need a firewall. What are my options?

You should be running a firewall.
The firewall rules that ship with your system usually do not have the ports DirectAdmin and its services need open, nor do they have any way to automatically block IPs that are attacking the server.

Most people use option #3:
  1. The free plugin called CSF is a popular choice:
    http://configserver.com/cp/csf.html


  2. Alternatively, we provide a free iptables script for the Brute Force Monitor (BFM), including several scripts to link it with DA such that DA can monitor and act on attacks, blocking IPs.
    http://help.directadmin.com/item.php?id=380


  3. Both: If you decide to use CSF, there is a set of scripts which can be used to link the BFM to CSF, so you get the best of both.  It will use the iptables configuration and all features of CSF, plus the added benefit of the BFM, which finds some extra cases that trigger blocks through CSF.
    https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm

    Fast version of the above guide (download the script, review it, then run it as root):

    wget http://files.directadmin.com/services/all/csf/csf_install.sh
    /bin/sh ./csf_install.sh

  4. Shorewall: Guide provided by client:
    https://github.com/marknl/directadmin-shorewall



NOTE
For FTP with TLS, you must explicitly open ports 35000-35999 in iptables. The ip_conntrack_ftp (nf_conntrack_ftp on newer kernels) helper learns the passive data port by reading the PASV/EPSV reply on the control connection; with TLS that reply is encrypted, so the helper cannot see the port and cannot open it on the fly.
For CSF: http://forum.directadmin.com/showthread.php?t=50759&p=262589#post262589
For block_ip/iptables: http://forum.directadmin.com/showthread.php?t=50759&p=262346#post262346
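
The following is an added example for this note, not code from DirectAdmin, CSF or the forum threads linked above. It assumes CSF's csf.conf format (a single `TCP_IN = "..."` line, ranges written as LOW:HIGH) and demonstrates it on a constructed config fragment; on a real server the file is /etc/csf/csf.conf. It adds the passive FTP range to TCP_IN only if it is not already there, so it is safe to re-run, and prints the equivalent raw iptables rule for servers using the BFM iptables script (option #2) instead of CSF.

```sh
#!/bin/sh
# Added example (not DirectAdmin's or CSF's own code).
# Assumptions: csf.conf-style file with one line  TCP_IN = "20,21,22,..."
# and CSF's LOW:HIGH range syntax. The sample config below is constructed
# for the demo; on a live server use /etc/csf/csf.conf.
set -eu

PASV_RANGE="35000:35999"   # passive FTP data ports the note says to open

# tcp_in_ports CONF: print the current TCP_IN list from a csf.conf-style file.
tcp_in_ports() {
    sed -n 's/^TCP_IN = "\(.*\)"$/\1/p' "$1"
}

# add_tcp_in_range CONF RANGE: append RANGE to TCP_IN unless already present,
# rewrite the file in place, and print the resulting list. Idempotent.
add_tcp_in_range() {
    conf="$1"; range="$2"
    current=$(tcp_in_ports "$conf")
    case ",$current," in
        *",$range,"*) printf '%s\n' "$current"; return 0 ;;
    esac
    new="${current:+$current,}$range"
    # Only the TCP_IN line is touched; TCP_OUT and everything else stay as-is.
    sed "s|^TCP_IN = \".*\"$|TCP_IN = \"$new\"|" "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
    printf '%s\n' "$new"
}

# pasv_iptables_rule RANGE: print the equivalent raw iptables rule for setups
# using the BFM iptables script rather than CSF. Printed, not executed,
# because applying it needs root and a live netfilter.
pasv_iptables_rule() {
    printf 'iptables -I INPUT -p tcp --dport %s -j ACCEPT\n' "$1"
}

# --- demo on a constructed config fragment ---
SAMPLE_CONF="${TMPDIR:-/tmp}/csf.conf.demo.$$"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed csf.conf fragment (not a real server's file)
TCP_IN = "20,21,22,25,53,80,110,143,443"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
EOF

add_tcp_in_range "$SAMPLE_CONF" "$PASV_RANGE"
pasv_iptables_rule "$PASV_RANGE"
```

After editing the real csf.conf, reload the rules with `csf -r` so the new range takes effect; the iptables rule printed for option #2 must also be added to the BFM iptables script, or it will not survive the next rule reload.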
