[K12OSN] iptables

Jim Kinney jim.kinney at gmail.com
Wed Feb 29 22:47:51 UTC 2012


Bear in mind that your users are connecting FROM the SERVER itself to the
outside world. Technically, yes, the server _is_ a network bridge between
the outside and the 172 network where your clients are. If the 172 clients
can't connect to the server, then they get no thin-client goodness.

So as long as the ltspbr0 is on the inside NIC eth1, this rule is fine.

On Wed, Feb 29, 2012 at 2:52 PM, Matthew Carter
<redbranchwarrior at gmail.com> wrote:

> I'm trying to bring up my firewall on my server on only one of my two
> interfaces. ltspbr0 is attached to eth1 and eth0 is the external
> connection. In /etc/sysconfig/iptables, I added:
> -A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT
> where the bridge and subsequent network is 172.31.100/24.
>
> There should be no other connections to the outside world on that side of
> the server. Is this a gaping security hole, i.e., can my users connecting to
> the outside world cause a backdoor to the bridge side of the server?
>
> Thanks!



-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/
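
Added example, not part of the original thread: a minimal first-match model of the INPUT chain that shows what the `-i ltspbr0` match contributes to the rule discussed above. The DROP policy, the `lo` rule and the test addresses are assumptions, and only `-i`, `-s` and `-j` are modelled.

```python
import ipaddress
import shlex

# Constructed ruleset in /etc/sysconfig/iptables (iptables-save) format.
# Only the ltspbr0 rule comes from the thread; the rest is assumed.
RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT
COMMIT
"""

# Same ruleset with the interface match removed, for comparison.
WEAK = RULESET.replace("-i ltspbr0 ", "")


def parse_input_chain(text):
    """Return (policy, rules); each rule is (in_iface, src_net, target)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs only
            src = opts.get("-s")
            net = ipaddress.ip_network(src) if src else None
            rules.append((opts.get("-i"), net, opts["-j"]))
    return policy, rules


def verdict(text, in_iface, src_ip):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse_input_chain(text)
    addr = ipaddress.ip_address(src_ip)
    for iface, net, target in rules:
        if iface not in (None, in_iface):
            continue  # rule is bound to a different interface
        if net is not None and addr not in net:
            continue  # source address outside the rule's subnet
        return target
    return policy


if __name__ == "__main__":
    for name, rs in (("scoped", RULESET), ("no -i", WEAK)):
        for iface in ("ltspbr0", "eth0"):
            print(name, iface, verdict(rs, iface, "172.31.100.5"))
```

With the interface match in place, a packet that claims a 172.31.100.0/24 source but arrives on eth0 falls through to the chain policy; without it, the source address alone decides.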