This will be a quick post in which I will share one of my must-do steps when building a firewall. Following the best practices is always a winning decision, but we must not forgot that setups may vary. With this in mind, take into consideration the specifics of your application and infrastructure and don’t follow blindly what you have written.
So, before building the firewall check what services are running on the server. Some of them you may need, some of them not. Quick look through the output of the following command will be a good start:
One of the common mistakes that I have seen is to cut off the network connectivity of a service, because the administrator forgot to allow it in the firewall. Before starting to build the firewall, I check on what ports is the server currently listening on:
sudo netstat -tulpn | grep LISTEN
The command above will show which ports are in state “LISTEN” and what service is using them. Then you can decide which one to be open for the world, for the colleagues from the development and so on.
Well, this post was a short one, hope to find it helpful. 😀