(read: 'Securing' memcached) I hope to cluster memcached. The network is untrusted and I must restrict the allowed clients. So this is my first attempt at firewalling.
I've switched the ufw's DEFAULT_INPUT_POLICY to ACCEPT as there is no current firewall. Next I added two clients which have explicit access to port 11212 followed by a catch all DENY to 11212.

# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
11212                      ALLOW IN    192.168.1.102
11212                      ALLOW IN    192.168.1.103
11212                      DENY IN     Anywhere
11212                      DENY IN     Anywhere (v6)

Does this sound like a decent attempt at locking down memcached?

Additionally with the above rules, could I create an application profile? Ideally there will be multiple memcached servers, and I would like to version control the profile.

--
Simon Males

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
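
An added example, not part of the original message: one way to keep the rules above in version control is a small script that renders a ufw application profile and prints the allow-list rules in the order ufw must evaluate them. The profile name "Memcached-Cluster" and the function names are assumptions; the port and client addresses are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: PROFILE_NAME, render_profile, emit_rules (all hypothetical).
PROFILE_NAME="Memcached-Cluster"
MEMCACHED_PORT="11212"          # port used in the post

# Print the application profile. On a host it would be saved under
# /etc/ufw/applications.d/ and picked up with "ufw app update".
# A port with no protocol suffix covers both tcp and udp, which matches
# the protocol-less rules shown in the post's status output.
render_profile() {
    cat <<EOF
[$PROFILE_NAME]
title=memcached cluster node
description=memcached, reachable only from named cluster clients
ports=$MEMCACHED_PORT
EOF
}

# Print one allow rule per client, then the catch-all deny.
# ufw stops at the first matching rule, so the allows must come first.
emit_rules() {
    for client in "$@"; do
        # Accept only digits, dots and "/" (IPv4 address or CIDR), so a
        # malformed inventory entry cannot turn into extra ufw arguments.
        case $client in
            ''|*[!0-9./]*)
                echo "invalid client: $client" >&2
                return 1 ;;
        esac
        echo "ufw allow from $client to any app $PROFILE_NAME"
    done
    echo "ufw deny from any to any app $PROFILE_NAME"
}

# Dry run: show the profile and the commands for the two clients in the post.
render_profile
emit_rules 192.168.1.102 192.168.1.103
```

The script only prints; the profile text and the commands can be reviewed in a diff before being applied on each memcached server. With the default incoming policy left at allow, as in the status output above, these rules filter port 11212 only.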
