Hi Mike, > Hmmm... since that method seems to rely upon the security of > ipchains, and adds a lot of problem-prone complexity; why not > just choose an obscure port for webmin, config webmin for SSL, > and use ipchains to filter access to that port.
I was just giving three ideas and suggestions which I could think of from the top of my head. The first one in my message is identical with the one you suggest, while the second and third suggestion are of course more complex and more complicated to implement, but also might offer the better degree of protection. > I doubt the additional complexity would be worth the minor > increase in security. I think that pretty much depends on what you prefer or need. For instance: Someone who's already using STUNNEL for other purposes on his machine might opt for that approach, as it is less complicated for him to implement it that way. Others might prefer to set up an IPChains rule to block UDP and use security through obscurity by moving Webmin to another port. You're free to use whatever suits you best. -- With best regards, Michael Stauber SOLARSPEED.NET _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
