Re: transition to ip6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel <lists@xxxxxxxxxxxx> wrote:
> > When there really is a requirement that the external server allows
> only a single address to access it and that can't be changed, you
> could resort to using a proxy.
> What is typical or reasonable for source address restrictions?   

To dispose of them;  they are hopelessly pointless.  If you want to
authenticate the source use PKI.

I know they exist and have personally had to deal with them.  That
doesn't imply they make any kind of sense.

> That
> is, if  there are 2 global organizations, and one wants to increase
> the security on access to a service by limiting to the source
> addresses that might come from the other, is there a sane way to
> specify it, and to make the application use those addresses at the
> right times if the interface has others?

If two organizations want to communicate, exclusively and privately,
with each other they should establish a tunnel.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux