Ok, this might be a bit lengthly, so bare with me. There is some setup to this.
I am in the process of hosting my own Web Server, Mail Server, FTP Server, and whatever else I can think of from my home. I plan on running Linux everything for obvious reasons.
I have a LINKSYS router. I have disabled remote administration and PING on my router. So to the outside world, it is pretty invisible. Priliminary
testing, I have setup a web server and an FTP server, both on standard ports 80 and 21. I setup port forwarding on my router so that incoming requests on those ports get forwarded to the appropriate internal address. All works beautifully.
So now I am concerning myself with security. My web site I have hosted at IMHosted does not get a lot of traffic. It's more for me and my friend to document things, but we still want it available. Anyway, I know how to handle IPTables in Linux but I am wondering if I REALLY need to do this?
Here is my thought: Linux is pretty darn secure in the sense that I don't have to worry a lot about worms and viruses. My biggest concern on my Web Server is DoS attacks. Now I know that if I am getting a DoS attack and can determine the IP range I could use IPTables to block that IP range until the attack was over. This is something I can't do with my router alone without just turning of port 80 forwarding.
But I am not sure if I want to deal with a firewall for the simple little things I am doing.
In a nutshell, how important is having a firewall in front of a LINUX backend for a home environment like I am setting up? Just looking for opinions and suggestions here.
Thanks.
[ August 29, 2003: Message edited by: Gregg Bolinger ]