Re: error msg
On Tue, Jul 30, 2002 at 10:36:28AM -0400, Phillip Hofmeister wrote:
> On Tue, 30 Jul 2002 at 09:51:19AM +0200, Giacomo Mulas wrote:
> > 3) if you do need them (e.g. you need to export NFS file systems) restrict
> > access to all of these relatively fragile services to trusted hosts, using
> > hosts.allow, hosts.deny and/or firewalling.
> On his point I would like to add that I encourage everyone I talk to to involk
> a strong filtering system on any Linux system directly accessable from the net.
> I also encourage it on systems that are not directly accessable. Internal hosts
> can always get compromised. A strong firewall ruleset will DROP everything and
> allow only what is needed.
Since you brought the subject up... :-)
Does anyone have a good way of dealing with daemons that use unpredictable port
numbers? I have particular headaches with NFS, gdomap, and just recently SmokePing
started doing it.
I like to start off with a drop of everything and then open the absolute minimal
requirements. INCLUDING LOOPBACK.
So has anyone found a good way to deal with the unpredictable daemons?