Minimum Security For LVS box ?

Malcolm Turnbull malcolm.turnbull at
Wed Oct 2 08:37:53 BST 2002

OK, I guess I was just being lazy :-).
which never gives good results.

Peter Mueller wrote:
>>Assuming that you have an LVS loadbalancer running on a linux box
>>and this box is behing a firewall so that only ports 80 & 443 are 
>>allowed from clients.
>>Do you really need to harden the loadbalancer firewall rules ?
> Yes, always.
>>i.e. should I enable things like SYN cookie protection etc ?
> It's a good idea to not rely on one firewall box anywhere in your setup.  If
> you've got a PIX or Checkpoint or whatever firewall box what harm can it do
> to take 10 minutes now and setup iptables/ipchains packet filter rules,
> basic accept/deny statements like Joe suggests?
> Syncookies is a whole different ballgame.  Syncookies as I'm sure you know
> prevent SYN-flooding.  Does your firewall safeguard against syn-flooding so
> strongly that you feel syncookies is a bad idea?
> Hope that helps
> Peter
> _______________________________________________
> mailing list - lvs-users at
> Send requests to lvs-users-request at
> or go to



Malcolm Turnbull

IT Manager Limited
Nursery Court
London Road
GU20 6LQ

01344 629661
07715 770523

"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." - Benjamin Franklin

More information about the lvs-users mailing list