seth vidal wrote:
> Hi,
> Mike noticed that someone had set up an irc bot running on
> fedorapeople.org talking to an irc channel that was not remotely fedora
> related. Even if it had been fedora-related it's still not something we
> want running on fedorapeople.org. I put in an outgoing port reject to
> things bound to 6667. I'll work on a slightly better option soon but I
> wanted to let everyone know about this and ask if there were any other
> suggestions on how to best block this sort of thing.
>

Is any outbound NEW connection supposed to be used from fedorapeople.org,
except maybe for a few named sockets on trusted remote hosts?

If not, I suppose you could lock it down for most of the
65535-give-or-take ports, with few exceptions for like the Puppet master
(but only from/by user root) and the DNS servers and such and so forth?

Locking it down still sounds fair enough to me, to say the least.

--
Jeroen
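
The lock-down suggested in the reply above, sketched as an added example (not part of the thread and not Fedora's actual configuration): a shell function that prints an iptables-restore ruleset rejecting every outbound NEW connection except DNS and root-only Puppet traffic. The resolver and Puppet master addresses are constructed placeholders, and port 8140 (Puppet's default) is an assumption.

```shell
#!/bin/sh
# Added example: default-deny egress instead of rejecting only port 6667.
# Addresses below are constructed placeholders (documentation range).
DNS_SERVERS="192.0.2.53 192.0.2.54"   # assumed resolver addresses
PUPPET_MASTER="192.0.2.10"            # assumed Puppet master address
PUPPET_PORT=8140                      # Puppet's default port (assumption)

# Print the ruleset; nothing is applied to the running firewall.
egress_rules() {
    echo '*filter'
    # INPUT/FORWARD are left open here; merge with the host's own rules.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies on already-permitted flows pass untouched.
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DNS: NEW lookups only to the named resolvers, over UDP and TCP.
    for ns in $DNS_SERVERS; do
        echo "-A OUTPUT -d $ns -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A OUTPUT -d $ns -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Puppet: only processes owned by root (uid 0) may reach the master.
    echo "-A OUTPUT -d $PUPPET_MASTER -p tcp --dport $PUPPET_PORT -m owner --uid-owner 0 -m conntrack --ctstate NEW -j ACCEPT"
    # Any other NEW outbound connection (an IRC bot on any port included)
    # is logged and then rejected.
    echo '-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "egress-denied: "'
    echo '-A OUTPUT -m conntrack --ctstate NEW -j REJECT'
    echo 'COMMIT'
}
```

Check the output with `egress_rules | iptables-restore --test` before loading it; loading without `--noflush` replaces the existing filter table.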