Friday, January 25, 2019

Building a Firewall for a Deployed System?

Hi all,

I have an approach I would like feedback on for building a firewall for a system that is already deployed (i.e., multiple servers running in the field with no firewall whatsoever). All of the servers in question are running Linux (RHEL 6 to be exact).

My thought process is to run netstat on each of the servers and look for listening ports (netstat -lnp | grep $pid for each pid I know I care about), and then just add each port to the iptables configuration (using system-config-firewall-tui). The /etc/sysconfig/iptables file would then be saved and controlled for the next deployed system.

I’m sure there are holes in my plan, but does anyone have any suggestions for making this work? Do I need to include any ports other than the listening ports on each server? Is netstat sufficient for finding these ports or do I need to use another tool (e.g., Wireshark)?

Thanks for any help!

Edit: After some research, I also plan on using nmap and potentially lsof to find ports in use.
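The workflow described in the post (listening sockets from netstat turned into rules for /etc/sysconfig/iptables), as an added example that is not part of the original post. The netstat output is a constructed sample, the function names sample_netstat and gen_rules are hypothetical, and the program names passed to gen_rules stand in for the services you care about.

```shell
#!/bin/sh
# Constructed sample of `netstat -lnp` output; not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1201/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   1350/master
tcp        0      0 0.0.0.0:8443       0.0.0.0:*          LISTEN   2210/java
tcp        0      0 :::22              :::*               LISTEN   1201/sshd
udp        0      0 0.0.0.0:123        0.0.0.0:*                   1100/ntpd
udp        0      0 0.0.0.0:68         0.0.0.0:*                   980/dhclient
EOF
}

# gen_rules PROG...: read `netstat -lnp` text on stdin and print one rule, in
# the /etc/sysconfig/iptables line format, per unique proto/port owned by the
# named programs.
gen_rules() {
    awk -v progs="$*" '
    BEGIN { n = split(progs, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)               # tcp6/udp6 -> tcp/udp
        if (proto == "tcp" && $6 != "LISTEN") next
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)              # drop the trailing ":port"
        sub(/^.*:/, "", port)                  # keep text after the last colon
        # Loopback-only listeners are not reachable from the network: no rule.
        if (addr ~ /^127\./ || addr == "::1") next
        prog = $NF; sub(/^[0-9]+\//, "", prog) # "1201/sshd" -> "sshd"
        if (!(prog in want)) next
        # IPv6 wildcard sockets (:::port) normally accept IPv4 as well, so they
        # are counted here; the same port seen twice yields one rule.
        if (seen[proto "/" port]++) next
        printf "-A INPUT -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n",
               proto, proto, port
    }'
}

# Rules for the services of interest in the constructed sample.
sample_netstat | gen_rules sshd java ntpd
```

On a real host, pipe `netstat -lnp` into gen_rules instead of the sample, running it as root so the PID/Program column is filled in for every socket.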


