nfs mounting - pam considerations
Tim
ignored_mailbox at yahoo.com.au
Sun Oct 22 06:58:01 UTC 2006
On Sat, 2006-10-21 at 14:23 -0700, Tod Merley wrote:
> Note that opening up firewalls is appropriate only if you're
> disconnected from the Internet, or if you're in a very un-hostile
> environment.
Certainly true.
> Even so, you should open up the firewalls for a very short time (less
> than 5 minutes).
Next to useless advice. If your firewall was protecting you from
something with vulnerabilities, it might only take a few seconds for the
damage to be done. There is no safe timeframe.
> If in doubt, instead of opening the firewalls, insert logging
> statements in IPTables to show what packets are being rejected during
> NFS mounts, and take action to enable those ports.
Which is a better solution, so long as you think about what you're
logging, and don't just allow anything that got logged as being blocked.
--
(Currently running FC4, but testing FC5, if that's important.)
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
More information about the fedora-list
mailing list