Mon, 2002-06-10 at 22:07, Kjetil Kjernsmo wrote:
> I hope someone can take my paw and help me through the iptables setup,
> because I'm a bit scared of the possibility of locking myself out of my
> box...

Nothing ventured, nothing gained :c)

Do it.

1: Make sure that you have a cron/at job running that kills and restarts your firewall scripts at intervals known to you. If you only have a minimum of services, they are patched up to the last version and all is more or less safe, then a ten-minute gap now and then can't hurt until your routine is established;

2: If you're using ssh (which you are) to get to the machine, and since no-one can see what you're doing, cut out ftp and use scp - which also goes to port 22 and is *much* safer and better;

3: In your firewall script, build in a rule that only lets in your IP number - or, even better, if your admin machine uses Ethernet for the connection, your MAC number.

I've done all this out of Utrecht in Holland to a slave DNS name server in Dortmund, Germany, including weekly scp backups and goodness knows what else. I had no possibility of getting to that machine, once it was placed, and everything worked perfectly for months - never ever went wrong.

Just leave yourself a back door, if you need it, until you've gained the confidence you need.

Best,

Tonni Sogning

--
Tony Earnshaw
e-mail: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
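
One way to script points 1 and 3 of the reply above, as an added example that is not part of the original message: the rollback is scheduled with `at` before the new rules go live, and SSH is accepted from a single admin address. The address 192.0.2.10, the backup path and the `--apply` switch are assumptions made for illustration; rules for the box's own services (DNS on the server described) still have to be added to the ruleset.

```shell
#!/bin/sh
# Added example: admin-only SSH rule plus a timed rollback (names are hypothetical).
ROLLBACK_MIN=10                    # the "ten-minute gap" from the reply
BACKUP=/root/iptables.known-good   # assumed path for the saved, working ruleset

# Accept only a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset that lets SSH in from one address only.
build_ruleset() {
    valid_ipv4 "$1" || { echo "bad admin address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Save the working rules, queue the rollback, and only then load the new set.
apply_with_rollback() {
    rules=$(build_ruleset "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    iptables-save > "$BACKUP" || return 1
    # Queue the restore BEFORE touching the live rules, so a lockout heals itself.
    echo "iptables-restore < $BACKUP" | at now + "$ROLLBACK_MIN" minutes || return 1
    printf '%s\n' "$rules" | iptables-restore
    echo "Still connected? Find the queued job with atq and cancel it with atrm."
}

# Run as root on the firewall host: sh script.sh --apply 192.0.2.10
if [ "${1:-}" = "--apply" ]; then apply_with_rollback "${2:-}"; fi
```

If the new rules cut the SSH session, the queued job restores the saved ruleset after ten minutes; once a fresh login confirms access still works, the job can be removed.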
