
Re: Guide(s?) to backup philosophies



<tomas@tuxteam.de> wrote:
>
> On Wed, Mar 22, 2017 at 10:35:13AM -0000, Dan Purgert wrote:
>> David Christensen wrote:
>> > On 03/17/2017 03:31 AM, Dan Purgert wrote:
>> >> David Christensen wrote:
>> >>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>> >>> [...]
>> >
>> > I should clarify that:
>> >
>> >      "The backup server can be firewalled with no incoming ports and
>> >      outgoing ports limited to SSH and other required ports".
>> >
>> >
>> > I still need to figure out the "other required outgoing ports". 
>> > Suggestions and comments are welcome.
>> 
>> Unfortunately, pretty much "all ephemeral ports", if the server is
>> running things that initiate connections.  Some programs allow you to
>> specify what ports they're connecting from, but not all.
>
> That's what ESTABLISHED is for, in firewall jargon (you accept packets
> belonging to an established TCP connection).
>

You're not gonna have any ESTABLISHED connections in your firewall if
you're _initiating_ the connection. ;)

If my firewall has the following rules:
 - default drop
 - rule 10 accept established

the command:
rsync (whatever switches) user@remote-host:/path/to/files/ /local/

will fail to connect to remote-host, as the rsync command is not
connecting across a previously established link.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281
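A complete stateful ruleset of the kind this thread is discussing (backup server with no inbound service ports, outbound limited to SSH for rsync plus DNS), added here as an example that is not part of the original thread; the interface names and the resolver address 192.0.2.53 are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful filter for a backup server that accepts no inbound
# connections and may only initiate SSH (rsync over ssh) and DNS outbound.
# Interface names and the resolver address are assumptions, not from the thread.
flush ruleset

table inet backup_fw {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept

        # Return traffic for connections this host initiated, plus related
        # traffic such as ICMP errors. Without this rule the remote SSH
        # server's replies to our rsync session are dropped on the way in.
        ct state established,related accept

        # No inbound NEW state is accepted anywhere: the policy drops it.
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept

        # Packets of a connection conntrack already tracks, whichever side
        # opened it.
        ct state established,related accept

        # The rsync command's first SYN to remote-host is ct state NEW, so an
        # "accept established" rule alone never matches it; it needs its own
        # accept. Only the destination port is matched, so the ephemeral
        # source port the client picks does not need to be enumerated.
        ct state new tcp dport 22 accept

        # Assumed "other required port": DNS to one fixed resolver.
        ct state new ip daddr 192.0.2.53 udp dport 53 accept

        # Any other attempt to open an outbound connection is logged and dropped,
        # which makes unexpected outbound traffic from the backup host visible.
        ct state new log prefix "backup-fw out drop: " drop
    }
}
```

Load with `nft -c -f <file>` first to syntax-check, then `nft -f <file>`; the log line shows which additional outbound ports, if any, the host actually needs.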