Minimum Security For LVS box ?
malcolm.turnbull at crocus.co.uk
Wed Oct 2 08:37:53 BST 2002
OK, I guess I was just being lazy :-).
which never gives good results.
Peter Mueller wrote:
>>Assuming that you have an LVS loadbalancer running on a linux box
>>and this box is behind a firewall so that only ports 80 & 443 are
>>allowed from clients.
>>Do you really need to harden the loadbalancer firewall rules ?
> Yes, always.
>>i.e. should I enable things like SYN cookie protection etc ?
> It's a good idea to not rely on one firewall box anywhere in your setup. If
> you've got a PIX or Checkpoint or whatever firewall box, what harm can it do
> to take 10 minutes now and set up iptables/ipchains packet filter rules,
> basic accept/deny statements like Joe suggests?
> Syncookies is a whole different ballgame. Syncookies as I'm sure you know
> prevent SYN-flooding. Does your firewall safeguard against syn-flooding so
> strongly that you feel syncookies is a bad idea?
> Hope that helps
"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." - Benjamin Franklin
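
The basic accept/deny rules and the syncookies check discussed in this thread, as an added example that is not part of the original messages. The VIP, the management network and the function names are assumptions made for illustration; the script only prints the rules and reports the kernel setting, it applies nothing.

```shell
#!/bin/sh
# Added example, not from the original thread. VIP and MGMT_NET are
# constructed placeholder values; replace them before use.
VIP="${VIP:-192.0.2.10}"            # virtual service address (assumed)
MGMT_NET="${MGMT_NET:-10.0.0.0/24}" # admin network allowed to SSH (assumed)

# Print the INPUT-chain commands for review; nothing is applied here.
# Accept rules come first and the DROP policy last. FORWARD is not
# touched: what it must pass depends on the LVS forwarding method in use.
director_input_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -d $VIP -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A INPUT -s $MGMT_NET -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Return 0 if SYN cookies are on, 1 if off, 2 if the setting is unreadable.
# The path argument lets the check be pointed at a test file; it defaults
# to the live kernel setting. tcp_syncookies covers TCP sockets that
# listen on this host itself.
syncookies_enabled() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] || return 2
    case "$(cat "$f")" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report only; applying the rules is left to the operator, e.g.
#   director_input_rules | sh     (as root, from a console session)
if [ "${1:-}" = "--show" ]; then
    director_input_rules
    if syncookies_enabled; then echo "tcp_syncookies: on"; else echo "tcp_syncookies: OFF"; fi
fi
```

If the director runs a failover heartbeat to a standby box, that traffic needs its own accept rule before the DROP policy is set.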