Topic: Firewall status in Server-Only mode

[madadam]

Having built several SME 8 machines in Server-Only mode I've observed that the masq service is running and a dump of iptables -l shows a few pages of active rules. This seems to suggest that SME 8s default is to have an active firewall in Server-Only mode despite documentation indicating otherwise:

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Option_3:_Server-only_mode

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter2

Can a dev team member please confirm or deny my observation on the status of the firewall in Server-Only mode. I recall a discussion under SME 7 that addressed this question and I believe that originally it was not the case but modifications were made to allow this behaviour.

Cheers,

Adam

[janet]

madadam

IIRC in server only mode there is still some minor degree of "firewall" functionality, but it is only minimal, as deemed appropriate by the developers for additional security in that mode. There were some big long forum discussions involving arne from about 2 or more years ago that touched on this subject (amongst other posts).

You MUST still put a full blown firewall between an sme server in server only mode and the Internet. This could be a sme server in server and gateway mode or some other firewall device.

[madadam]

Hi Mary,

I do remember the discussion but can't seem to find it. I don't suppose you can provide a link to it if it's the same thread I'm thinking of.

Cheers,

Adam

[madadam]

Could one of the dev team members please take a moment to iterate the firewall/security functionality of SME Server 8 in Server-Only mode please?