Protecting system services with fail2ban
A firewall is a great thing to have, but it doesn't do much to protect services that are allowed. A firewall only goes as far as to allow or disallow access. Once access to a service is allowed, its security depends on its configuration and on whether it has any security vulnerabilities. A service worth installing is fail2ban, a neat little tool that runs in the background and watches your logs for anything out of the ordinary, such as multiple failures to access a service. The most popular use of fail2ban is to protect SSH from those attempting to brute force it. In a lot of ways, fail2ban is the successor to denyhosts, which pretty much did the same thing. But fail2ban is able to protect more services than just SSH, another example being Apache.
When fail2ban sees that a source is attempting to access a service and is failing, it will set up a firewall rule on the fly to block that source from your server. To begin, install the...