Specifying a Preset Server Type
As well as specifying a firewall security level, you can specify the server types for which the firewall security settings apply. You can specify that all server types apply the firewall security settings. When you do not specify a server type, in effect, you are actually applying the firewall security settings to all server types. Otherwise, you can specify that the firewall security settings apply only to Web servers or Mail services.
How Web Server Settings Affect Firewall Security Settings
Following is an example where the command specifies no firewall security with an additional argument to specify that that the firewall settings apply only to the Web server:
#set_fwlevel 0 w
Following is an example where the command specifies a low level of firewall security with an additional argument to specify that that the firewall settings apply only to the Web server:
#set_fwlevel 1 w
When you specify that firewall security settings apply to Web server (w) process and services, the setting does not change the firewall if you have also specified no (0) or low (1) security applies. However, when you have specified medium (2) or high (3), changes do apply.
Following is an example where the command specifies a medium firewall level of security with an additional argument to specify that that the firewall settings apply only to the Web server:
#set_fwlevel 2 w
When you specify that medium (2) firewall security settings apply to the Web server only (w), your account is open only to the following services, ports, and protocols:
| Services |
Ports |
Protocols |
| FTP-S |
989, 990 |
TCP |
| SSH |
22 |
TCP |
| Telnet-S |
992 |
TCP |
| Outbound SMTP |
25 |
TCP |
| HTTP |
80 |
TCP |
| HTTP-S |
443 |
TCP |
| Web cache |
8080 |
TCP |
| DNS client |
53 |
UDP, TCP |
| NTP |
123 |
UDP |
| Outbound Auth (or identd) |
113 |
TCP |
| |
|
|
| |
|
|
| |
|
|
Following is an example where the command specifies a high level of firewall security with the additional argument to specify that that the firewall settings apply only to the Web server:
#set_fwlevel 3 w
When you specify that high (3) firewall security settings apply to the Web server only (w), your account is open only to the following services, ports, and protocols:
| Services |
Ports |
Protocols |
| SSH |
22 |
TCP |
| Outbound SMTP |
25 |
TCP |
| HTTP |
80 |
TCP |
| HTTP-S |
443 |
TCP |
| Web cache |
8080 |
TCP |
| DNS client |
53 |
UDP, TCP |
| NTP client |
123 |
UDP |
| Outbound Auth (or identd) |
113 |
TCP |
| |
|
|
How Mail Server Settings Affect Firewall Security Settings
Following is an example where the command specifies no firewall security with an additional argument to specify that that the firewall settings apply only to the Mail server:
#set_fwlevel 0 m
Following is an example where the command specifies a low level of firewall security with an additional argument to specify that that the firewall settings apply only to the Mail server:
#set_fwlevel 1 m
When you specify that firewall security settings apply to Mail server (m) processes and services, the setting does not change the firewall if you have also specified no (0) or low (1) security applies. However, when you have specified medium (2) or high (3), changes do apply.
Following is an example where the command specifies a medium level of firewall security with an additional argument to specify that that the firewall settings apply only to the Mail server:
#set_fwlevel 2 m
When you specify that medium (2) firewall security settings apply to the Mail server only (m), your account is open only to the following services, ports, and protocols:
| Services |
Ports |
Protocols |
| FTP-S |
989, 990 |
TCP |
| SSH |
22 |
TCP |
| Telnet-S |
992 |
TCP |
| SMTP-S |
465 |
TCP |
| POP3 |
110 |
TCP |
| POP3-S |
995 |
TCP |
| IMAP |
993 |
TCP |
| IMAP-S |
143 |
TCP |
| DNS client |
53 |
UDP, TCP |
| NTP client |
123 |
UDP |
| Outbound Auth (or identd) |
113 |
UDP |
Following is an example where the command specifies a high level of firewall security with an additional argument to specify that that the firewall settings apply only to the Web server:
#set_fwlevel 3 w
When you specify that high (3) firewall security settings apply to the Mail server only (m), your account is open only to the following services, ports, and protocols:
| Services |
Ports |
Protocols |
| SSH |
22 |
TCP |
| SMTP |
25 |
TCP |
| SMTP-S |
465 |
TCP |
| POP3-S |
995 |
TCP |
| IMAP-S |
993 |
TCP |
| DNS client |
123 |
UDP, TCP |
| NTP client |
123 |
UDP |
| Outbound Auth (or identd) |
113 |
TCP |
| |
|
|
Modifying Your Server Type Settings
If you issue the set_fwlevel command after you have specified a setting for the server type and you do so without including an argument to specify a server type, then the firewall will apply to all processes on the mail server (m) and Web server (w).
In order to modify the server type settings on your account, run the set_fwlevel command again with the setting you would like to establish. For example, if you had previously specified a high (3) level of firewall security with the additional argument that the firewall applies only to the mail server (m) and you wish to switch that argument so that the firewall applies only to the Web server (w), you must issue the following command:
#set_fwlevel 3 w
If, after you have specified that the firewall applies only to the Web server, you wish to switch the firewall security settings to the mail server, you must issue the following command:
#set_fwlevel 3 m
|
