If the only modification made is the rule I posted then I think port 8443 is
secure from all internet traffic except the stated IP. I know from working
with IPCHAINS on my home computer that it is very powerful for firewall
implementations but if you don't understand what you are doing, you can also
leave your system wide open very easily.



Stephen W. Thomas
Network Engineer
Technical Software Services
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 


-----Original Message-----
From: Renaud Chaillat [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 19, 2001 10:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [Cooker-firewall] Administering from and External Address


On Wednesday 18 April 2001 19:44, you wrote:
> I wasn't able to get it working using the method you stated but I was able
> to make it work by adding the following ipchains rule to
> /etc/rc.d/init.d/bastille-firewall:
>
> $IPCHAINS -A input -p tcp -s 192.168.10.10/32 -d 192.168.10.1/32 8443 -j ACCEPT
>
> In the above line "192.168.10.10/32" refers to the external computer
> administering the Firewall. The "/32" limits it to that address only. The
> "192.168.10.1/32 8443" refers to the IP Address (192.168.10.1/32) and admin
> port (8443) on the external Network Card of the firewall.

OK, glad you were able to solve your problem. My explanations were certainly
not practical enough for your need :-)

We will certainly add this possibility (restrict external access to specific
hosts), in a configurable way, in the future (unfortunately we can't do it
now since we have frozen the development).

With your above rule, though, don't forget to close (or just not open) port
8443 in Internet Traffic (I'm sure you did; I say this just in case other
people are interested in your solution); otherwise it will override this
rule by allowing any external host to connect on port 8443.

Regards,
Renaud
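
The override discussed in this thread, as an added example that is not part of the original messages or of Bastille: a simplified first-match model of an ipchains input chain, showing that a general ACCEPT for port 8443 admits every external host whether or not the /32 rule is present. The default DENY policy, the second host address and the helper names are assumptions made for the illustration.

```python
import ipaddress

# Simplified model of an ipchains "input" chain: rules are checked in order,
# the first match decides, and the chain policy applies if nothing matches.
# Assumption: default policy DENY; rules are reduced to src/dst/port/target.

def rule(src, dst, dport, target):
    return {"src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "dport": dport, "target": target}

def verdict(chain, src, dst, dport, policy="DENY"):
    """Return the target of the first rule matching the packet, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chain:
        if s in r["src"] and d in r["dst"] and r["dport"] in (None, dport):
            return r["target"]
    return policy

def unrestricted_accepts(chain, dport, allowed_src):
    """List ACCEPT rules covering dport whose source range exceeds allowed_src."""
    allowed = ipaddress.ip_network(allowed_src)
    return [r for r in chain
            if r["target"] == "ACCEPT" and r["dport"] in (None, dport)
            and not r["src"].subnet_of(allowed)]

ADMIN, FW, PORT = "192.168.10.10", "192.168.10.1", 8443  # values from the thread
OTHER = "192.168.10.77"                                   # constructed: another external host

admin_rule = rule("192.168.10.10/32", "192.168.10.1/32", PORT, "ACCEPT")
# Constructed stand-in for "port 8443 opened in Internet Traffic".
open_rule = rule("0.0.0.0/0", "192.168.10.1/32", PORT, "ACCEPT")

restricted = [admin_rule]
# Both rules are ACCEPT, so the open rule admits OTHER in either order.
overridden = [open_rule, admin_rule]

if __name__ == "__main__":
    for name, chain in (("restricted", restricted), ("overridden", overridden)):
        print(name,
              "admin:", verdict(chain, ADMIN, FW, PORT),
              "other:", verdict(chain, OTHER, FW, PORT),
              "broad ACCEPT rules:", len(unrestricted_accepts(chain, PORT, ADMIN + "/32")))
```
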
