[fw-wiz] Jboss in a DMZ?

From: Adam Shostack (adam_at_homeport.org)
Date: 09/30/03

  • Next message: Mike Hoskins: "[fw-wiz] Re: firewall-wizards digest, Vol 1 #1095 - 2 msgs"
    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 30 Sep 2003 11:09:06 -0400
    
    

    I'm looking to deploy jboss in a security sensitive (dmz-like)
    situation. Jboss wants to listen on a lot of ports, and my attempts
    to firewall it (using ipfilter) aren't going well.

    Has anyone done this? Are you willing to share the firewalling rules
    you used? Allowing all localhost->localhost didn't work. Will jboss
    respect tcp wrappers? Is there a way to specify listen on localhost
    only in the attributes?

    Naively throwing locahost:8083 in here (service.xml) didn't work:

      <mbean code="org.jboss.web.WebService"
             name="jboss:service=Webserver">
        <attribute name="Port">8083</attribute>

    Adam

    -- 
    "It is seldom that liberty of any kind is lost all at once."
    					               -Hume
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Mike Hoskins: "[fw-wiz] Re: firewall-wizards digest, Vol 1 #1095 - 2 msgs"

    Relevant Pages

    • Re: [fw-wiz] Jboss in a DMZ?
      ... Illegalaccess.org Security Alert ... JBoss, java server for running J2EE enterprise ... On Tue, 30 Sep 2003, Adam Shostack wrote: ... > to firewall it aren't going well. ...
      (Firewall-Wizards)
    • Re: JBoss: EJB3 =?ISO-8859-1?Q?verschl=FCsseln?=
      ... > Ein JBoss server soll hinter einer Firewall laufen. ... Prev by Date: ... Next by Date: ...
      (de.comp.lang.java)
    • Re: Root exploit for FreeBSD
      ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
      (freebsd-questions)
    • Re: Root exploit for FreeBSD
      ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
      (freebsd-current)
    • Re: Trouble accessing Outlook Web Access from behind firewall
      ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
      (comp.security.firewalls)