[TriLUG] Question About NFS Client Access Config
Warren Myers via TriLUG
trilug at trilug.org
Wed Apr 10 09:29:22 EDT 2019
"our host does not generally condone filtering inside the VLAN"
What kind of moronic hosting company do you have that doesn't think
"filtering inside the VLAN" is ok!?
---
Warren Myers
On 19-04-10 09:27, Lance A. Brown via TriLUG wrote:
> Why should iptables be considered cheating? Defense in depth is a well regarded concept and adding
> a layer of host based security is a common tactic in controlling access to resources on a server.
> Seems rather like doing security with one hand tied behind your back.
>
> --[Lance]
>
> Scott Chilcote via TriLUG wrote on 4/10/2019 9:16 AM:
>> Hi All,
>>
>> Thanks for the great help and ideas on this!
>>
>> We did think of the iptables solution, and patched that in last night.
>> But as Joe Mack pointed out that's considered cheating, and our host
>> does not generally condone filtering inside the VLAN. We'll see whether
>> that holds.
>>
>> The scan result is very specific that "At least one of the NFS shares
>> exported by the remote server could be mounted by the scanning host."
>> That's a serious WTF finding, no? We will likely get Redhat support
>> involved.
>>
>> Much appreciation!
>>
>> Scott C.
More information about the TriLUG
mailing list