
RE: Minimum Security For LVS box ?

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Minimum Security For LVS box ?
From: Peter Mueller <pmueller@xxxxxxxxxxxx>
Date: Tue, 1 Oct 2002 13:00:03 -0700
> Assuming that you have an LVS loadbalancer running on a linux box
> and this box is behind a firewall so that only ports 80 & 443 are 
> allowed from clients.
> 
> Do you really need to harden the loadbalancer firewall rules ?

Yes, always.

> i.e. should I enable things like SYN cookie protection etc ?

It's a good idea to not rely on one firewall box anywhere in your setup.  If
you've got a PIX or Checkpoint or whatever firewall box what harm can it do
to take 10 minutes now and set up iptables/ipchains packet filter rules,
basic accept/deny statements like Joe suggests?

Syncookies is a whole different ballgame.  Syncookies, as I'm sure you know,
prevent SYN-flooding.  Does your firewall safeguard against syn-flooding so
strongly that you feel syncookies is a bad idea?

Hope that helps

Peter
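
The following is an added example, not part of Peter's message or of the LVS project: a small audit of the two settings discussed in the thread, the director's own accept/deny rules and the syncookies sysctl. It assumes the rules are available in `iptables-save` format and that only TCP 80 and 443 should be accepted, as in the question; the function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a director's packet filter and syncookie setting.
# Assumption: only TCP 80 and 443 should be accepted, as in the thread.

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
COMMIT'

# audit_rules: read iptables-save output on stdin and print findings.
# Prints "OK" when INPUT defaults to DROP and no single-port ACCEPT rule
# names a port other than 80 or 443. Only plain --dport matches are checked.
audit_rules() {
    awk '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) != "80" && $(i + 1) != "443") {
                    print "FINDING: INPUT accepts unexpected port " $(i + 1)
                    bad = 1
                }
        }
        END {
            if (policy != "DROP") {
                print "FINDING: INPUT policy is " (policy == "" ? "missing" : policy) ", expected DROP"
                bad = 1
            }
            if (!bad) print "OK"
        }'
}

# syncookies_state: report the tcp_syncookies sysctl as a word.
# $1 overrides the path so the function can be run against a copy.
syncookies_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0)   echo disabled ;;
        1|2) echo enabled ;;
        *)   echo unknown ;;
    esac
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules
echo "tcp_syncookies: $(syncookies_state)"
```

On a live director, pipe the output of `iptables-save` into `audit_rules` instead of the sample.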

