[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: nfs mounting - pam considerations



On Sat, 2006-10-21 at 14:23 -0700, Tod Merley wrote:
> Note that opening up firewalls is appropriate only if you're
> disconnected from the Internet, or if you're in a very un-hostile
> environment.

Certainly true.

> Even so, you should open up the firewalls for a very short time (less
> than 5 minutes).

Next to useless advice.  If your firewall was protecting you from
something with vulnerabilities, it might only take a few seconds for the
damage to be done.  There is no safe timeframe.

> If in doubt, instead of opening the firewalls, insert logging
> statements in IPTables to show what packets are being rejected during
> NFS mounts, and take action to enable those ports.  

Which is a better solution, so long as you think about what you're
logging, and don't just allow anything that got logged as being blocked.

-- 
(Currently running FC4, but testing FC5, if that's important.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]