[fw-wiz] Jboss in a DMZ?

From: Adam Shostack (adam_at_homeport.org)
Date: 09/30/03

  • Next message: Mike Hoskins: "[fw-wiz] Re: firewall-wizards digest, Vol 1 #1095 - 2 msgs"
    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 30 Sep 2003 11:09:06 -0400
    
    

    I'm looking to deploy jboss in a security sensitive (dmz-like)
    situation. Jboss wants to listen on a lot of ports, and my attempts
    to firewall it (using ipfilter) aren't going well.

    Has anyone done this? Are you willing to share the firewalling rules
    you used? Allowing all localhost->localhost didn't work. Will jboss
    respect tcp wrappers? Is there a way to specify listen on localhost
    only in the attributes?

    Naively throwing locahost:8083 in here (service.xml) didn't work:

      <mbean code="org.jboss.web.WebService"
             name="jboss:service=Webserver">
        <attribute name="Port">8083</attribute>

    Adam

    -- 
    "It is seldom that liberty of any kind is lost all at once."
    					               -Hume
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Mike Hoskins: "[fw-wiz] Re: firewall-wizards digest, Vol 1 #1095 - 2 msgs"