
List:       firewall-wizards
Subject:    [fw-wiz] Trust an IP? (IPTables)
From:       Chris de Vidal <cdevidal () yahoo ! com>
Date:       2003-04-30 16:06:58

I need to allow a backup server to connect to its port
(20031) on a server running IPTables.  I recall all of
the security risks of trusting an IP (r* tools).  Is
it safe to allow a specific IP to connect to a
specific port through the firewall?  Something like
this:
MY_IP=123.456.789.11
BACKUP_SERVER=123.456.789.10
# --dport is only accepted together with a protocol match; tcp is assumed here
iptables -A INPUT -i eth0 -p tcp -s "$BACKUP_SERVER" --dport \
20031 -j ACCEPT
(Also allow related/established traffic)

If someone sniffed that traffic, they might spoof that
IP and start probing that port for vulnerabilities.

Locking it to the MAC address might be even better,
but perhaps even that can be spoofed.  That's why I'm
asking the pros.

So is it safe to trust an IP to connect to one port,
à la the old r* tools?  If not, what is a good alternative?

=====
/dev/idal
"GNU/Linux is free freedom" --Me
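
Added example, not part of the original post: a dry-run shell generator for the rule described above together with the related/established rule it mentions, rejecting malformed source addresses before any rule is emitted. The function names, the tcp protocol, the NEW/--syn restriction and the sample address 192.0.2.10 are assumptions; the addresses in the post are placeholders with out-of-range octets.

```shell
#!/bin/sh
# Added example: prints (does not run) the iptables commands for the setup in
# the post. Interface eth0 and port 20031 come from the post; tcp, the state
# restriction and the function names are assumptions of this example.

# Succeeds only for a dotted quad with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# backup_rules SOURCE [IFACE] [PORT]
# Emits two rules: replies for connections already accepted, then new TCP
# connections (SYN only) from the one trusted source to the one port.
# Everything else is left to the existing chain policy (assumed to be DROP).
backup_rules() {
    src=$1
    iface=${2:-eth0}
    port=${3:-20031}
    if ! valid_ipv4 "$src"; then
        echo "invalid source address: $src" >&2
        return 1
    fi
    # "-m state" is the match name of 2003-era iptables; current releases
    # also offer "-m conntrack --ctstate" for the same purpose.
    cat <<EOF
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $iface -p tcp -s $src --dport $port --syn -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample address from the documentation range 192.0.2.0/24.
backup_rules 192.0.2.10
```

The source match only narrows who can reach the port; it does not authenticate the peer, which is the concern the post raises.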
