
Re: [cobalt-security] Portsentry, ipchains and pmfirewall



On Friday 18 January 2002 11:36 am, Francisco Sánchez wrote:
> Ok, I see.  If you add a rule to allow access to ssh to an IP only, you are
> supposed to add a rule next to deny access to all other addresses.
>
You have the right idea.
It's late Friday night, it's been one hell of a week, so I really don't
want to play with ipchains rules, but I can give you some advice
on running the firewall for a limited time.

Add these lines at the end of the "start" portion of the script
     # Disable the rules after $TTF seconds; TTF=0 means never.
     TTF=0
     if test $TTF -gt 0
     then
        echo "Firewall rules running for $TTF seconds"
        # Background watchdog: wait TTF seconds, then flush the rules
        # by calling this script's own "stop" action.
        (sleep $TTF;
           /etc/rc.d/init.d/pmfirewall stop \
        ) &
     else
        echo "Firewall rules running for ever"
     fi
     echo "             Done!"
     echo ""
     echo "" ;;

Now set TTF (Time To Flush) to something like 60 ( 1 minute ).
This will give you 60 seconds to test your rules out.
Or at least find out if they lock you out or not.
At the end of 60 seconds all the rules are flushed by running "stop"
When you are satisfied set TTF=0 and do  'start the firewall'

-- 
Gerald Waugh
Registered Linux User 255245
Register at http://counter.li.org
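The time-to-flush pattern from the message above, written as a stand-alone POSIX sh script. This is an added example, not the pmfirewall script or anything from the list author: the rule loading and flushing are stand-in functions that only record state in a file (assumed placeholders for the real ipchains rule set and for `/etc/rc.d/init.d/pmfirewall stop`), so it runs without touching a firewall. It goes a little beyond the original snippet by returning the watchdog PID so the rollback can be cancelled once the rules are confirmed not to lock you out.

```shell
#!/bin/sh
# Added example: activate firewall rules with an automatic rollback timer.
# apply_rules/flush_rules are assumed stand-ins; a real script would load
# its ipchains rules here and call the init script's "stop" action to flush.

STATE_FILE="${STATE_FILE:-/tmp/fw_ttf_state.$$}"

apply_rules() {
    # Stand-in for loading the rule set.
    echo "active" > "$STATE_FILE"
}

flush_rules() {
    # Stand-in for "/etc/rc.d/init.d/pmfirewall stop".
    echo "flushed" > "$STATE_FILE"
}

# Apply the rules; if TTF (time to flush, seconds) is > 0, start a
# background watchdog that flushes them after TTF seconds.
# Prints the watchdog PID, or 0 when no watchdog was started.
start_with_ttf() {
    ttf="$1"
    apply_rules
    if [ "$ttf" -gt 0 ] 2>/dev/null; then
        # Detach stdout/stderr so a caller using $(...) is not held
        # open until the watchdog exits.
        ( sleep "$ttf"; flush_rules ) >/dev/null 2>&1 &
        echo "$!"
    else
        echo 0
    fi
}

# Cancel a pending rollback once the rules are confirmed to be safe.
cancel_ttf() {
    if [ "$1" -gt 0 ] 2>/dev/null; then
        kill "$1" 2>/dev/null
    fi
    return 0
}

# Report whether the stand-in rule set is "active" or "flushed".
current_state() {
    cat "$STATE_FILE"
}

# Usage when run directly: 5-second trial window, then automatic flush.
if [ "${0##*/}" = "fw_ttf.sh" ]; then
    pid=$(start_with_ttf 5)
    echo "rules $(current_state), rollback watchdog pid $pid"
fi
```

Log in over a second session during the window; if that works, call `cancel_ttf` with the printed PID, otherwise the watchdog flushes the rules for you.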