I am running the latest version of Debian Linux.

It is run in the Demilitarized Zone ( DMZ ) on my home network. My internet address has a static ip ( it never changes )


Do I need to install some type of firewall, or make some special configurations to protect the Debian Server or is the raw installation and operating system already secure.

I have looked in numerous Linux threads and I have not been able to identify a straight or valid answer.

I have seen both views, some people say you need a firewall others say that Debian is built protected the way it is.

I am kind of new to Linux but I have the basic grasp of how to use it.

The servers I run are

Pure FTP - Not a standalone but "built-in" I think its runinng as a Daemon or something like that and you need to have a registered username to access it. Uses ports 20 and 21, and then a long range of PASV ports

Counter-Strike Server. Uses port 27015

TeamSpeak Server. Uses port 8767

And i am planning to setup SSH which runs off port 22 i think.

Now the server is in the DMZ so from my understanding all the ports are already forwarded to it.

Does it need extra protection?

The short answer is YES. It's always good to have an extra layer protection.
You can begin by just leaving all necessary ports opened and closing the rest...

Yay!! My first post here

If you install a firewall, you still can choose to disable it, if you feel disturbed by a too high level of protection. If you have no firewall, you have no protection, you cannot know how other systems are looking at yours.
Yordan

hey BitShift im jjust a bit curious. You said you've got a CS Server running. How many player slots?
The reason im asking is because when i installed a CS Server on linux (RedHat) once more then 4 or 5 people connected the server would get real laggy.
I've currently got 1mb broadband with i think 214 upload, which isnt that good ;/
Do you simply have DSL or T1?
If you could please post your Upload/Download speed.
Thx alot!

Yay its my first post here aswell!!!

You should aim to get a connection w/ 3.0 mbpsdl 500KBPS upload. This is aa bare minimum to host any game servers.


xboxrulz

OR... better than any firewall.... turn off DMZ.

why did you enable it anyways ?

well....you said that you were unable to get a concrete reply on which you could rely upon. I must add a sentence my friend: you will never be able to decide...even from here you wont get a concrete reply to rely upon. The basic problem is not with us others or Linux. The basic problem is with you: You yourself dont know that your lInux is well protected or not.

By the very design of Linux, it is well designed and protected in their Raw installation. But as far as the protection is concerned, I must say that even though there are a whole lot less number of both Bots like viruses and humans like hackers to target Linux but the number is certaily growing and who Knows that your computer might be the next target ? So its always better to get a better protection. And afterall you wont have the same number of programs in linux as in windows...so not many conections are required simultaneously. So why leave open ports ( read ports as holes)? Just close them... You surely need a Firewall ( yeah ...SURELY). Now its all I can suggest. At the end of the day the decision will always be yours...

So If you are not concerned with that extra 3% usage of your procesor, just get a firewall!

Prevention is better than cure


Go for a firewall at the earliest . People say that Linux is not affected by virus . But it is not true . The truth is that the viruses existing

for Linux is very less compared to windows .

Your Linux should come with iptables, which is standard for all Linux distros.

Also, run your computer with SELinux enabled if available so malicious software will be caught in its snare.

xboxrulz