Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- Subject: Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 22 Jan 2002 19:24:04 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eddy,
> Problem: That leaves you open for five minutes after a reboot.
How often do you reboot? If it's more than once per month then it's too often.
> What I suggest is writing a quick shell script that flushes the
> firewall rules, loads the new rules, then sleeps for a minute or
> two. If not killed, it then flushes the ipchains and reloads
> your old ruleset.
I might be wrong here, but scripts are bound to the user session, right?
That's most likely an incorrect term and what I want to say is this: You
start a script from SSH (or Telnet) and when you close the connection the
script will be terminated, too. Unless you daemonized it, which requires
more than pushing it into the background with an "&". So if
improper firewall rules interfere with your shell session, then you're still
as much screwed with your proposed script as you are without.
> Portmaster 2's are cheap nowadays. Buy one and give yourself
> serial console access to all your boxen.
Unfortunately too many ISPs charge you extra for setting them up in their
datacenter. But personally I think that these devices (not necessarily from
that manufacturer) are an investment well worth it.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
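
The timed rollback discussed in this thread, as an added example that is not part of the original message: the rollback timer is started in its own session before the rules change, so it does not depend on the login that launched it. `safe_apply`, its arguments and the rule-file paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: timed firewall rollback that outlives the login session.
# safe_apply and its four arguments are hypothetical names for this sketch.
#   $1 apply command    e.g. 'ipchains-restore < /root/new.rules'  (path assumed)
#   $2 restore command  e.g. 'ipchains-restore < /root/old.rules'  (path assumed)
#   $3 seconds to wait before rolling back
#   $4 confirm file: create it from a NEW login to keep the new rules

safe_apply() {
    apply_cmd=$1; restore_cmd=$2; timeout=$3; confirm=$4

    # A stale confirm file from an earlier run must not cancel this rollback.
    rm -f "$confirm"

    # setsid gives the timer its own session, so it has no controlling
    # terminal and gets no SIGHUP when the SSH/Telnet connection drops.
    # nohup (ignore SIGHUP) is the fallback where setsid is not installed.
    if command -v setsid >/dev/null 2>&1; then detach=setsid; else detach=nohup; fi

    # Arm the timer BEFORE touching the rules: if the new rules cut the
    # session, the rollback is already running on its own.
    # stdio goes to /dev/null so nothing ties the timer to the terminal.
    $detach sh -c '
        sleep "$1"
        [ -e "$2" ] || sh -c "$3"
    ' rollback-timer "$timeout" "$confirm" "$restore_cmd" \
        </dev/null >/dev/null 2>&1 &

    # Now load the new rule set.
    sh -c "$apply_cmd"
}

# Stand-alone use: safe-apply.sh APPLY RESTORE SECONDS CONFIRM_FILE
if [ "$#" -eq 4 ]; then
    safe_apply "$@"
fi
```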