[fw-wiz] Trust an IP? (IPTables)
From: Chris de Vidal (cdevidal_at_yahoo.com)
Date: 04/30/03
- Previous message: Javier Sanchez: "Re: [fw-wiz] port forward question"
- Next in thread: Daniel Linder: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Reply: Daniel Linder: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Reply: David Lang: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Wed, 30 Apr 2003 09:06:58 -0700 (PDT)
I need to allow a backup server to connect to its port
(20031) on a server running IPTables. I recall all of
the security risks of trusting an IP (r* tools). Is
it safe to allow a specific IP to connect to a
specific port through the firewall? Something like
this:
MY_IP=123.456.789.11
BACKUP_SERVER=123.456.789.10
iptables -A INPUT -s $BACKUP_SERVER -i eth0 --dport \
20031 -j ACCEPT
(Also allow related/established traffic)
If someone sniffed that traffic, they might spoof that
IP and start probing that port for vulnerabilities.
Locking it to the MAC address might be even better,
but perhaps even that can be spoofed. That's why I'm
asking the pros.
So is it safe to trust an IP to connect to one port,
ala the old r* tools? If not, what is a good alternative?
=====
/dev/idal
"GNU/Linux is free freedom" --Me
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Javier Sanchez: "Re: [fw-wiz] port forward question"
- Next in thread: Daniel Linder: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Reply: Daniel Linder: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Reply: David Lang: "Re: [fw-wiz] Trust an IP? (IPTables)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
