Re: CLOSING a web server!!!!!!

To: Iñaki Martínez <debian@euskal-linux.org>
Cc: Debian Firewall <debian-firewall@lists.debian.org>
Subject: Re: CLOSING a web server!!!!!!
From: Matthew Palmer <mjp16@ieee.uow.edu.au>
Date: Sat, 8 Feb 2003 02:26:37 +1100 (EST)
Message-id: <Pine.LNX.4.10.10302080222170.973-100000@magnetron.ieee.uow.edu.au>
In-reply-to: <20030207151118.GE3200@mx.euskal-linux.org>

On Fri, 7 Feb 2003, [iso-8859-1] Iñaki Martínez wrote:

> > >   21 -> only from my fix IP
> > 
> > Use scp.  FTP requires some very b0rken firewalling.
> 
>  OK...... and about SFTP?????
> 
>  Some of the webmaster are using windows FTP clients, so i need FTP or SFTP.

Give them something else.  There are plenty of point-and-drool SCP clients
out there, that work just like CuteFTP or WussFTP or whatever they're using.

>  What i mean is:
> 
>  global -> allow-query = only my IPs
>  per domain -> allow-query any

If you're wanting to do what I think you're wanting to do, it's not a
firewall issue, since the firewall shouldn't be doing deep magic within
protocols (that's up to the daemon in question).

> > >  What are the BETTER and MORE SECURE iptables rules for this server????
> > 
> > Those above work for me.
> 
>  OK, but what about  "-m state --state NEW" or similar????

Use 'em if you need 'em.  They have their uses, like if you want to only
allow connections in one direction or some other crazy stuff.  But most of
the time you'll do just fine with the regular ones.

-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16

Reply to:

References:
- Re: CLOSING a web server!!!!!!
  - From: Iñaki Martínez <debian@euskal-linux.org>

Prev by Date: Re: CLOSING a web server!!!!!!
Next by Date: Re: CLOSING a web server!!!!!!
Previous by thread: Re: CLOSING a web server!!!!!!
Next by thread: pb with ssh2
Index(es):
- Date
- Thread