**This is an old revision of the document!**
ubnetdef
Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki.
Host Information
- IP: 128.205.44.157
- Reverse DNS: net-def.cse.buffalo.edu
- vCenter Cluster: UBNetDef / LEGACY
- vCenter Datastore: cdr-iscsi2
Access Control
Accounts on this machine is manually controlled.
Firewall Rules
As this machine is dual-homed, we have additional firewall rules on it. Below is the (saved) IPTables rules.
- /etc/iptables/rules.v4
# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:15 2017 *filter :INPUT DROP [1:36] :FORWARD ACCEPT [0:0] :OUTPUT DROP [1:84] :fail2ban-ssh - [0:0] -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A fail2ban-ssh -j RETURN -A fail2ban-ssh -j RETURN COMMIT # Completed on Fri Mar 24 01:42:15 2017
Notes
fail2ban is installed, protecting against SSH bruteforce attacks. Don't mess up a login multiple times, as your IP will be banned.