Thanks all. This is my web first server and it will probably live in my basement for the first six months, which is why ssh and ftp can stay shut down. Larry Nobs ----- Original Message ----- From: "Michael Gargiullo" <mgargiullo@xxxxxxxxxxxxx> To: "redhat mailing list" <redhat-list@xxxxxxxxxx> Sent: Wednesday, October 15, 2003 3:22 PM Subject: Re: Firewall - Limit Geographic Area > On Wed, 2003-10-15 at 16:13, lrnobs wrote: > > This server will have one web site using Java and Tomcat and will send out > > mail when orders are received to known email addresses. There is no reason > > to have ssh, ftp, or anything else. > > > > This currently has Redhat 8. Ssh is currently loaded. I couldn't find > > where to stop ssh from loading at boot. Could you point me in the right > > direction. > > > > Thanks, > > > > Larry Nobs > > > This is fine if you have console access. > > as root run ntsysv > > scroll down until you find sshd, and make sure there's no * next to it. > > same with your ftpd > > You can leave sshd running and limit access with iptables if you wish. > Makes life at 3 am with a crashed app easier. > > > > > > > > > ----- Original Message ----- > > From: "Michael Gargiullo" <mgargiullo@xxxxxxxxxxxxx> > > To: "redhat mailing list" <redhat-list@xxxxxxxxxx> > > Sent: Wednesday, October 15, 2003 2:44 PM > > Subject: Re: Firewall - Limit Geographic Area > > > > > > > Not reliably. One of our locations uses an AT&T DS1. Which literally > > > bounces from TX to CA then to us in NJ. > > > > > > Just build the securest server you can. Use SSH not telnet. Use sftp > > > not ftp. Only run the services you need, and nothing more. > > > > > > On Wed, 2003-10-15 at 15:31, lrnobs wrote: > > > > Is there a way to filter out/drop packets based on geographic area, at > > least > > > > partially. > > > > > > > > I will soon setup a web server in St. Louis, Missouri and there will be > > no > > > > reason for anyone outside of a 300 mile radius to be using my web site. > > > > > > > > If I could at least filter out anything outside the United States that > > would > > > > be helpful for security against some hackers. > > > > > > > > Thanks, > > > > > > > > Larry Nobs > > > > > > > -- > > > Michael Gargiullo <mgargiullo@xxxxxxxxxxxxx> > > > Warp Drive Networks > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > Michael Gargiullo <mgargiullo@xxxxxxxxxxxxx> > Warp Drive Networks > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
