We do a better job for those things that are outside of our firewall.
And this is some of what we do.
_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
Behalf Of Keith Roberts
Sent: Saturday, August 04, 2012 2:43 AM
To: CentOS mailing list
Subject: Re: [SOLVED] iptables rule question for Centos 5
On Fri, 3 Aug 2012, SilverTip257 wrote:
> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: SilverTip257 <silvertip257@xxxxxxxxx>
> Subject: Re: [SOLVED] iptables rule question for Centos 5
>
> Marvin,
>
> You're leaving SSH open to the world with that.
> If this is a box behind a firewall, then it's not _as much of a
> concern_ ... otherwise you're opening that server up to ssh brute
> force attempts.
>
> Your existing configuration is probably set up to drop/reject if
> traffic does not match any of your rules, so you've nearly solved the
> "blocking all other traffic" from server2. But you really should put
> a specific rule on server1 with source as server2 and dest port 22
> being accepted.
>
> -s server2 -p tcp --dport 22 -j ACCEPT
Or move the SSH port to a non-standard one?
Keith
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
