Re: Reverse tunnel security settings


 



On 6/20/2014 2:25 PM, Stuart Henderson wrote:

> PF can do this, though I'm not quite sure if doing this from a firewall
> counts as a "good way" and, given the controls already available on
> local forwarding, it does seem like something that it would be
> reasonable to implement internally in ssh.

As of the 2.6.x kernels, iptables has support for it as well.

See the "owner" module, and if you're going to do this, you might as well enable uid-logging in any LOG rules.

If you use grsecurity, you can also create gids that restrict client or server (or both) network socket usage completely, i.e., big hammer.

=M=
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
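
An added example (not part of the original message or of OpenSSH) showing one way to use the iptables "owner" match and uid logging mentioned above: it emits an iptables-restore fragment that lets one local account open outbound TCP connections only to listed destinations and logs everything else with the UID. The account name `tunnel`, the chain name `TUNNEL_OUT`, the log prefix and the destinations are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment that confines and logs
# outbound TCP connections opened by one local account (owner match).
# The account name, chain name TUNNEL_OUT and destinations are assumptions.

# owner_rules ACCOUNT IPV4:PORT [IPV4:PORT ...]
owner_rules() {
    acct=$1
    [ $# -ge 2 ] || { echo "usage: owner_rules ACCOUNT IPV4:PORT..." >&2; return 2; }
    shift
    # Only plain account names, so nothing odd lands in the rule text.
    case $acct in
        *[!A-Za-z0-9_-]*|'') echo "bad account: $acct" >&2; return 1 ;;
    esac
    allow=
    for dest in "$@"; do
        host=${dest%:*}
        port=${dest##*:}
        case $host in *[!0-9.]*|'') echo "bad host: $dest" >&2; return 1 ;; esac
        case $port in *[!0-9]*|'') echo "bad port: $dest" >&2; return 1 ;; esac
        allow="${allow}-A TUNNEL_OUT -p tcp -d $host --dport $port -j ACCEPT
"
    done
    # The owner match only sees locally generated packets (OUTPUT/POSTROUTING).
    # --syn limits evaluation to new connection attempts.
    cat <<EOF
*filter
:TUNNEL_OUT - [0:0]
-A OUTPUT -p tcp --syn -m owner --uid-owner $acct -j TUNNEL_OUT
${allow}-A TUNNEL_OUT -j LOG --log-prefix "tunnel-deny: " --log-uid
-A TUNNEL_OUT -j REJECT
COMMIT
EOF
}

# Print the ruleset for a constructed account and two constructed targets.
# Load it with: owner_rules ... | iptables-restore --noflush
owner_rules tunnel 127.0.0.1:5432 10.0.0.5:443
```

Without `--noflush`, iptables-restore replaces the whole filter table, so the fragment is meant to be loaded on top of an existing ruleset.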



