[TriLUG] Iptables confusion
lfwelty at nc.rr.com
Fri May 2 16:46:53 EDT 2003
Jeremy Portzer wrote:
> On Fri, 2003-05-02 at 14:18, lfwelty at nc.rr.com wrote:
>
>
>>If you know which ports you need open, you can be even more specific than
>>the rule above and only explicitly allow known ports/services. It's almost
>>always better to grant access to known allowed services, denying everything
>>else, than to deny known bad svcs, allowing everything else.
>
>
> But he's using NFS, and there's no way to predict what ports NFS will
> use. That's why the permissive rule is necessary.
Yup, you're right.
/paranoid-anal
He could only explicitly allow the subnet, though.
Or only allow the individual IPs required.
paranoid-anal/
>
> --Jeremy
>
--
-----------------------------------------------------------------
lfwelty at nc.rr.com: Earth is a beta site, I just wish that damn
pink elephant would give me my mouse back.
-----------------------------------------------------------------