Re: which firewall to automatically block bandwidth abusers?




On 08/17/11 12:50 PM, Rudi Ahlers wrote:
> A normal DDOS prevention firewall doesn't really work since it only
> blocks traffic coming in. But I need to limit traffic going out as
> well.
>
> The servers behind the firewall will serve mail, http, ftp, sql and SSH

Without requests coming in, no web etc. traffic can go out.

You want to block your own mail server from sending too much mail to a
single host? And block an internet mail server from sending "too
much" mail to you? That's not going to end well.

SQL? What are you doing letting a SQL server be publicly
accessible? SQL servers should only be accessed by application servers
over secure connections.

I think as it stands, this is a very poorly thought out idea with much 
room for gotchas and problems.



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

