Re: [SOLVED] iptables rule question for Centos 5




We do a better job for those things that are outside of our firewall.
And this is some of what we do.


_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George


-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
Behalf Of Keith Roberts
Sent: Saturday, August 04, 2012 2:43 AM
To: CentOS mailing list
Subject: Re:  [SOLVED] iptables rule question for Centos 5

On Fri, 3 Aug 2012, SilverTip257 wrote:

> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: SilverTip257 <silvertip257@xxxxxxxxx>
> Subject: Re:  [SOLVED] iptables rule question for Centos 5
> 
> Marvin,
>
> You're leaving SSH open to the world with that.
> If this is a box behind a firewall, then it's not _as much of a
> concern_ ... otherwise you're opening that server up to ssh brute
> force attempts.
>
> Your existing configuration is probably set up to drop/reject if
> traffic does not match any of your rules, so you've nearly solved the
> "blocking all other traffic" from server2.  But you really should put
> a specific rule on server1 with source as server2 and dest port 22
> being accepted.
>
> -s server2 -p tcp --dport 22 -j ACCEPT

Or move the SSH port to a non-standard one?

Keith
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
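Added example, not part of the thread: a small audit function that reads a ruleset in `iptables-save` format and lists rules accepting TCP to the SSH port with no source restriction, which is the condition SilverTip257 warns about. The sample ruleset is constructed, `192.0.2.10` is a placeholder standing in for server2, and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
# 192.0.2.10 is a placeholder address standing in for server2.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# ssh_open_rules [PORT]
# Reads iptables-save output on stdin and prints every appended rule that
# ACCEPTs TCP traffic to PORT (default 22) without a source restriction.
# Not covered: negated matches ("!"), port ranges, -m multiport.
ssh_open_rules() {
    awk -v port="${1:-22}" '
    /^-A / {
        tcp = dport = accept = src = 0
        for (i = 1; i < NF; i++) {
            if (($i == "-p" || $i == "--protocol") && $(i+1) == "tcp")
                tcp = 1
            if (($i == "--dport" || $i == "--destination-port") && $(i+1) == port)
                dport = 1
            if ($i == "-j" && $(i+1) == "ACCEPT")
                accept = 1
            # A source of 0.0.0.0/0 is the same as no restriction at all.
            if (($i == "-s" || $i == "--source") && $(i+1) != "0.0.0.0/0")
                src = 1
        }
        if (tcp && dport && accept && !src)
            print
    }'
}

# Usage on the constructed sample: prints the one world-open SSH rule.
printf '%s\n' "$SAMPLE_RULES" | ssh_open_rules 22
```

On a live host the same function can read `iptables-save` output or `/etc/sysconfig/iptables`; pass the port number as the argument if sshd has been moved off 22.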



