
Re: error msg



On Tue, Jul 30, 2002 at 10:36:28AM -0400, Phillip Hofmeister wrote:
> On Tue, 30 Jul 2002 at 09:51:19AM +0200, Giacomo Mulas wrote:
> > 3) if you do need them (e.g. you need to export NFS file systems) restrict
> > access to all of these relatively fragile services to trusted hosts, using
> > hosts.allow, hosts.deny and/or firewalling.
> > 
> On his point I would like to add that I encourage everyone I talk to to invoke
> a strong filtering system on any Linux system directly accessible from the net.
> I also encourage it on systems that are not directly accessible.  Internal hosts
> can always get compromised.  A strong firewall ruleset will DROP everything and
> allow only what is needed.

Since you brought the subject up... :-)

Does anyone have a good way of dealing with daemons that use unpredictable port
numbers? I have particular headaches with NFS, gdomap, and just recently SmokePing
started doing it.

I like to start off with a drop of everything and then open the absolute minimal
requirements. INCLUDING LOOPBACK.

So has anyone found a good way to deal with the unpredictable daemons?


