0

Say I have a well updated Linux VPS serving HTTP content on port 80 using apache. What would I gain by enabling IPtables?

I can see no obscurity gains since the machine has a port open. Also, since the machine is constantly updated I trust the kernel to securely handle incoming requests on closed ports, which is reasonable, right? I hear everywhere that I need to enable iptables but I fail to see the gains. Am I missing something?

MadHatter
  • 78,442
  • 20
  • 178
  • 229
fuumind
  • 131
  • 5

3 Answers

2

You gain the ability to log traffic easily.

You gain another layer of security (which you want in today's age).

See http://www.geekcomix.com/cgi-bin/classnotes/wiki.pl?UNIX03/IPTables_Advantages_-_Disadvantages_Over_IPChains for further reading.

Pikkaachu
  • 46
  • 4
1

You are correct in the sense that enabling incoming traffic filtering when you only have a well-known port/service open and the rest closed doesn't buy you much in principle.

That said, there are reasons to set up a firewall:

  • Consistency/policy: now if you or somebody else is testing, or by mistake opens a service, you'll have to enable it explicitly in the firewall rules.
  • A small amount of added security in case there's an exploit and a new rogue service tries to listen.
  • Blocking whole countries (if your web site is aimed mostly at your country, blocking traffic from typically problematic countries helps a lot).
  • Using the firewall for more than just blocking incoming traffic: for example, with newer iptables you can limit the number of concurrent connections from the same client, thus thwarting abusers scraping your site, malicious robots, some DoS attacks, etc.
  • Another example beyond blocking incoming traffic: blocking outgoing traffic, also a bit of an extra security measure in case your server is compromised.
LinuxDevOps
  • 1,754
  • 9
  • 14
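The points raised in the answers above (an explicit allow-list with a default-deny policy, logging of dropped traffic, a per-client connection limit, and restricted outbound traffic) can be combined into one small ruleset. The script below is an added example written for this page; it is not code from any of the answerers. It only opens port 80 as the question describes, prints the rules in iptables-restore format for review, and applies them only when run as root with `--apply`. The port, the connection limit, the log prefix and the outbound allow-list (DNS plus HTTP/HTTPS for package updates) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original answers: default-deny iptables ruleset
# for a VPS that only serves HTTP on port 80. Values below are assumptions.

HTTP_PORT=80
MAX_CONN_PER_IP=20          # assumed per-client limit; tune to real traffic
LOG_PREFIX="iptables-drop: "  # kernel log prefix for dropped packets

# Emit the ruleset in iptables-restore format so it can be reviewed first.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
# Loopback and already-established flows are always allowed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Cap concurrent connections per source address before accepting new HTTP.
-A INPUT -p tcp --dport ${HTTP_PORT} --syn -m connlimit --connlimit-above ${MAX_CONN_PER_IP} --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport ${HTTP_PORT} --syn -j ACCEPT
# Anything else inbound (including a rogue listener) is logged and dropped.
-A INPUT -j LOGDROP
# Outbound: replies, DNS, and HTTP/HTTPS for package updates; nothing more.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -j LOGDROP
# Rate-limited logging so a flood cannot fill the kernel log, then drop.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "${LOG_PREFIX}"
-A LOGDROP -j DROP
COMMIT
EOF
}

# Count the rule lines matching a pattern; used for sanity checks before applying.
count_rules() {
    build_rules | grep -c -- "$1"
}

# Print for review by default; apply atomically only when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
    build_rules | iptables-restore
else
    build_rules
fi
```

Run it without arguments and read the output before ever using `--apply`. Two caveats a practitioner would add: the question only mentions port 80, so no administrative access (SSH or console) is allowed here, and a real VPS must add that rule before applying a DROP policy or the admin is locked out; and the outbound allow-list must be extended for whatever the host actually needs (NTP, mail, monitoring), since a default-deny OUTPUT chain silently breaks anything not listed. The LOGDROP chain is what gives the "log traffic easily" benefit from the first answer: dropped packets appear in the kernel log with the configured prefix.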
1

You're using Ubuntu, which like its Debian parent has the nasty bad habit of enabling and starting every service which gets installed onto the system, whether they are wanted or not. This increases your attack surface; you should check carefully for unwanted services.

In this scenario the firewall helps you by ensuring that only the services you want to be open to the public are actually reachable.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940