> You know how to do that on Linux? Or do you have a resource?

Well, typically that's the kind of thing I might have done at the external gateway, rather than on the box itself. But I'm sure you can do that sort of thing with iptables/ipchains. You really just want to create network access policies that deny all traffic except for the specific things you want to allow - inbound HTTP/HTTPS, inbound SSH from specific networks (assuming you're using SSH to manage the box remotely), outbound to the specific places you go to install patches, etc, outbound HTTP/S to any specific web services you need to invoke, outbound DNS to your local resolver.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-linux/message.cfm/messageid:4523
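
The deny-by-default policy described in the reply above, written out as an added example that is not part of the original message: it generates an `iptables-restore` ruleset and checks it for unrestricted egress. All addresses are constructed documentation-range values, and `rule`, `build_ruleset` and `audit_ruleset` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample values (RFC 5737 documentation ranges); replace with your own.
MGMT_NETS="192.0.2.0/24 198.51.100.16/28"  # networks allowed to SSH in
RESOLVER="192.0.2.53"                      # local DNS resolver
PATCH_HOSTS="203.0.113.10"                 # where patches are fetched from
WEB_SERVICES="203.0.113.80 203.0.113.81"   # web services the application invokes
NEW="-m conntrack --ctstate NEW -j ACCEPT"

rule() { printf '%s\n' "$*"; }

# Emit the policy in iptables-restore format (hypothetical helper name).
build_ruleset() {
    rule "*filter"
    # Default deny: anything not matched below is dropped.
    rule ":INPUT DROP [0:0]"
    rule ":FORWARD DROP [0:0]"
    rule ":OUTPUT DROP [0:0]"
    # Loopback, plus replies on connections a rule below already allowed.
    rule "-A INPUT -i lo -j ACCEPT"
    rule "-A OUTPUT -o lo -j ACCEPT"
    rule "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    rule "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Inbound HTTP/HTTPS from anywhere; inbound SSH from management networks only.
    rule "-A INPUT -p tcp -m multiport --dports 80,443 $NEW"
    for net in $MGMT_NETS; do
        rule "-A INPUT -p tcp -s $net --dport 22 $NEW"
    done
    # Outbound DNS to the local resolver only.
    for proto in udp tcp; do
        rule "-A OUTPUT -p $proto -d $RESOLVER --dport 53 $NEW"
    done
    # Outbound HTTP/S only to the patch sources and required web services.
    for host in $PATCH_HOSTS $WEB_SERVICES; do
        rule "-A OUTPUT -p tcp -d $host -m multiport --dports 80,443 $NEW"
    done
    rule "COMMIT"
}

# Read a ruleset on stdin; fail if a chain policy is not DROP or if an
# OUTPUT rule accepts new connections without naming a destination (-d).
audit_ruleset() {
    awk '
        BEGIN { bad = 0 }
        /^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" { bad = 1 }
        /^-A OUTPUT / && / NEW / && !/ -d / { bad = 1 }
        END { exit bad }
    '
}
```

Running `build_ruleset | iptables-restore --test` as root parses the generated rules without committing them, which is a safer first step than loading a DROP policy over a remote SSH session.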