
Re: nfs mounting - pam considerations

On Sat, 2006-10-21 at 14:23 -0700, Tod Merley wrote:
> Note that opening up firewalls is appropriate only if you're
> disconnected from the Internet, or if you're in a very un-hostile
> environment.

Certainly true.

> Even so, you should open up the firewalls for a very short time (less
> than 5 minutes).

Next to useless advice.  If your firewall was protecting you from
something with vulnerabilities, it might only take a few seconds for the
damage to be done.  There is no safe timeframe.

> If in doubt, instead of opening the firewalls, insert logging
> statements in IPTables to show what packets are being rejected during
> NFS mounts, and take action to enable those ports.  

Which is a better solution, so long as you think about what you're
logging, and don't just allow anything that got logged as being blocked.

(Currently running FC4, but testing FC5, if that's important.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
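
The approach discussed in the message above (log what the firewall rejects during an NFS mount, then decide deliberately what to allow), as an added example that is not part of the original message. It assumes an NFS server whose iptables LOG rule uses the hypothetical prefix `NFS-DROP: `, one trusted client address, and the well-known portmapper (111) and nfs (2049) ports; the log lines are constructed.

```python
import re
from collections import Counter

# Assumptions for this example (none of these values come from the original message).
LOG_PREFIX = "NFS-DROP: "            # hypothetical --log-prefix on the LOG rule
TRUSTED_CLIENTS = {"192.168.1.20"}   # hosts expected to mount from this server
NFS_PORTS = {("TCP", 111), ("UDP", 111), ("TCP", 2049), ("UDP", 2049)}

# Constructed sample kernel log lines in iptables LOG format.
SAMPLE_LOG = """\
Oct 21 14:30:01 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=UDP SPT=800 DPT=111
Oct 21 14:30:02 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=1011 DPT=2049 SYN
Oct 21 14:30:05 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=1011 DPT=2049 SYN
Oct 21 14:30:06 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=UDP SPT=801 DPT=32771
Oct 21 14:30:09 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=40112 DPT=2049 SYN
Oct 21 14:30:10 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=40113 DPT=22 SYN
Oct 21 14:30:11 srv kernel: NFS-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return (src, proto, dport) for a logged packet, or None if not usable."""
    if LOG_PREFIX not in line:
        return None
    f = dict(FIELD.findall(line.split(LOG_PREFIX, 1)[1]))
    if not {"SRC", "PROTO", "DPT"} <= f.keys():
        return None  # e.g. ICMP entries carry no destination port
    return f["SRC"], f["PROTO"], int(f["DPT"])

def triage(log_text):
    """Split logged drops into allow candidates and entries needing review."""
    counts = Counter(p for p in map(parse, log_text.splitlines()) if p)
    candidates, review = {}, {}
    for (src, proto, dport), n in counts.items():
        # Being logged as blocked is not a reason to allow: require both an
        # expected source and an expected NFS port before proposing a rule.
        ok = src in TRUSTED_CLIENTS and (proto, dport) in NFS_PORTS
        (candidates if ok else review)[(src, proto, dport)] = n
    return candidates, review

if __name__ == "__main__":
    candidates, review = triage(SAMPLE_LOG)
    for key, n in sorted(candidates.items()):
        print("candidate to allow:", key, "seen", n)
    for key, n in sorted(review.items()):
        print("do not auto-allow: ", key, "seen", n)
```

The trusted client's packet to port 32771 lands in the review set: it may be a dynamically assigned RPC service such as mountd, which is better handled by pinning that service to a fixed port than by opening a port range.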
