Reco writes:
>
>> The
>> RELATED,ESTABLISHED rule is only for stupid protocols like FTP, that
>> like to open new outbound connections in response to inbound requests.
>
> Not quite true. You forgot to take into account good old DNS, for
> example. Now, sure, DNS *is* stupid, but sshd relies on i
Mart van de Wege a écrit :
> Reco writes:
>
>> The simplest *working* solution is to use iptables this way:
>>
>> iptables -F INPUT
>> iptables -A INPUT -i lo -j ACCEPT
>> iptables -A INPUT -p icmp -j ACCEPT
Too permissive. Allow only safe error types (i.e.
destination-unreachable, time-exceeded
Hi.
On Thu, 18 Dec 2014 12:35:31 +0100
Mart van de Wege wrote:
> Reco writes:
>
> > Hi.
> >
> > On Thu, Dec 18, 2014 at 10:39:18AM +0100, Mart van de Wege wrote:
> >> Britton Kerin writes:
> >>
> >> > I have a system that I would like to make accessible only by ssh.
> >> >
> >> > No apache
Le 18.12.2014 06:08, Britton Kerin a écrit :
I have a system that I would like to make accessible only by ssh.
No apache telnet ftp anything else.
What is the easiest way to achieve this? It came from a vendor with
a slew of package of all sorts, so I don't even know everything that
I want t
Reco writes:
> Hi.
>
> On Thu, Dec 18, 2014 at 10:39:18AM +0100, Mart van de Wege wrote:
>> Britton Kerin writes:
>>
>> > I have a system that I would like to make accessible only by ssh.
>> >
>> > No apache telnet ftp anything else.
>> >
>> > What is the easiest way to achieve this? It came
Hi.
On Thu, Dec 18, 2014 at 10:39:18AM +0100, Mart van de Wege wrote:
> Britton Kerin writes:
>
> > I have a system that I would like to make accessible only by ssh.
> >
> > No apache telnet ftp anything else.
> >
> > What is the easiest way to achieve this? It came from a vendor with
> > a sl
Am Donnerstag, 18. Dezember 2014, 10:39:18 schrieb Mart van de Wege:
> Britton Kerin writes:
> > I have a system that I would like to make accessible only by ssh.
> >
> > No apache telnet ftp anything else.
> >
> > What is the easiest way to achieve this? It came from a vendor with
> > a slew o
Britton Kerin writes:
> I have a system that I would like to make accessible only by ssh.
>
> No apache telnet ftp anything else.
>
> What is the easiest way to achieve this? It came from a vendor with
> a slew of package of all sorts, so I don't even know everything that
> I want to remove.
>
S
On Jo, 18 dec 14, 00:37:30, The Wanderer wrote:
>
> If you want to transform your current system by removing
> externally-accessible services, I don't know of a strictly "easy" way,
> but if I wanted to do that on a machine under my control, what I'd do
> is:
>
> * Get a list of open ports by run
On 12/18/2014 at 12:08 AM, Britton Kerin wrote:
> I have a system that I would like to make accessible only by ssh.
>
> No apache telnet ftp anything else.
>
> What is the easiest way to achieve this? It came from a vendor with
> a slew of package of all sorts, so I don't even know everything t
I have a system that I would like to make accessible only by ssh.
No apache telnet ftp anything else.
What is the easiest way to achieve this? It came from a vendor with
a slew of package of all sorts, so I don't even know everything that
I want to remove.
Thanks,
Britton
--
To UNSUBSCRIBE,
11 matches
Mail list logo