Koozali.org: home of the SME Server

Can I install a firewall on server-only mode?

phenotype

Can I install a firewall on server-only mode?
« on: September 04, 2006, 03:06:53 AM »
Hi folks, I'm totally new to SME Server (fairly new to Linux as well), and am just trying to migrate to SME from ClarkConnect 3.2. I'm only planning on using SME for a dedicated web server and file server (and maybe print server), and I don't have an extra machine on hand to use for a dedicated firewall to protect this server. CC3.2 came with a built in firewall that ran even in server-only mode, and I was wondering if I could get the same kind of functionality in SME so I could just directly plug the box into the net. I'm not sure how I would go about installing or configuring firewall software at this point, and I don't really want to expose my server to outside attack in the process if possible. I do know it would be more secure to have a dedicated firewall, but it's not really an option at this point, unfortunately.

Thanks so much for your help!

raem

Re: Can I install a firewall on server-only mode?
« Reply #1 on: September 04, 2006, 04:12:13 AM »
phenotype

> CC3.2 came with a built in firewall that ran even in server-only mode,
> and I was wondering if I could get the same kind of functionality in SME
> so I could just directly plug the box into the net.

In SME parlance that's called server gateway mode. It has a very good firewall based on iptables rules and is designed to be an external interface. Connect via a modem (in bridged mode) and you're up and running.

As far as server-only mode is concerned, default clean installations of SME7 do have a limited firewall, but I don't believe that is designed to be used for external interface situations. You should still have a firewall in your router or whichever other piece of equipment on your network is acting as your Internet gateway.

> I do know it would be more secure to have a dedicated firewall...

SME has a dedicated firewall that is as good as, if not better than, most others at doing its job.
SME in server gateway mode (all in the one box) sounds like what you are after. Don't worry about additional services that may be running; just don't use them, or disable them in server manager (via default panels or add-on panels). As firewall ports are only opened when required by services you enable, firewall management is simplified.
...