Linux Netfilter discussions
From: Tony Earnshaw <tonni@billy.demon.nl>
To: Kjetil Kjernsmo <kjetil@kjernsmo.net>
Cc: netfilter@lists.samba.org
Subject: Re: Too scared....
Date: 11 Jun 2002 11:39:55 +0200
Message-ID: <1023788396.2050.21.camel@billy.demon.nl>
In-Reply-To: <E17HVTU-00062d-00@pooh.kjernsmo.net>

Mon, 2002-06-10 at 22:07, Kjetil Kjernsmo wrote:

> I hope someone can take my paw and help me through the iptables setup, 
> because I'm a bit scared of the possibility of locking myself out of my 
> box... 

Nothing ventured, nothing gained :c)

Do it. 

1: Make sure that you have a cron/at job running that kills and restarts
your firewall scripts at intervals known to you. If you only have a
minimum of services, they are patched up to the last version and all is
more or less safe, then a ten-minute gap now and then can't hurt until
your routine is established;

2: If you're using ssh (which you are) to get to the machine, and since
no-one can see what you're doing, cut out ftp and use scp - which also
goes to port 22 and is *much* safer and better;

3: In your firewall script, build in a rule that only lets in your IP
number - or, even better, if your admin machine uses Ethernet for the
connection, your MAC number.

I've done all this out of Utrecht in Holland to a slave DNS name server
in Dortmund, Germany, including weekly scp backups and goodness knows
what else. I had no possibility of getting to that machine, once it was
placed, and everything worked perfectly for months - never ever went
wrong.

Just leave yourself a back door, if you need it, until you've gained the
confidence you need.

Best,

Tonni

Sogning

-- 

Tony Earnshaw

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telephone:	(+31) (0)172 530428
Mobile:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
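
Added example, not part of the original message: one way to script steps 1 and 3 above, as a variant in which an at job restores the previously running ruleset instead of stopping the firewall. The file paths, the 10-minute window and the 192.0.2.10 / 00:11:22:33:44:55 addresses are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. SAVED, NEW and the usage addresses are placeholders.
SAVED=/root/iptables.known-good   # rollback copy of the running ruleset
NEW=/root/iptables.new            # candidate ruleset

# Print an iptables-restore ruleset admitting SSH from one admin source only.
# $1 = admin IPv4 address, $2 = optional admin MAC (same Ethernet segment).
build_rules() {
    # Character whitelist so nothing but an address can reach the ruleset.
    case "$1" in ''|*[!0-9.]*) echo "bad IP" >&2; return 1 ;; esac
    case "${2:-}" in *[!0-9A-Fa-f:]*) echo "bad MAC" >&2; return 1 ;; esac
    src="-s $1"
    if [ -n "${2:-}" ]; then src="$src -m mac --mac-source $2"; fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 $src -j ACCEPT
COMMIT
EOF
}

# Load ruleset file $1 with a dead-man's switch: an at job puts the saved
# rules back in 10 minutes unless the operator confirms from a NEW login.
apply_with_rollback() {
    iptables-save > "$SAVED" || return 1
    iptables-restore --test < "$1" || return 1    # parse only, no commit
    job=$(echo "iptables-restore < $SAVED" | at now + 10 minutes 2>&1 |
          awk '/^job/ {print $2}')
    [ -n "$job" ] || { echo "rollback job not scheduled; not applying" >&2; return 1; }
    iptables-restore < "$1" || return 1
    printf 'Log in over a second ssh session, then type "keep": '
    read -r answer || answer=
    if [ "$answer" = keep ]; then
        atrm "$job"
    else
        echo "job $job still armed; old rules return in 10 minutes"
    fi
}

# Usage (as root): sh safe-fw.sh apply 192.0.2.10 [00:11:22:33:44:55]
if [ "${1:-}" = apply ]; then
    build_rules "${2:-}" "${3:-}" > "$NEW" && apply_with_rollback "$NEW"
fi
```

The ESTABLISHED rule keeps the session that loaded the rules alive, so only a fresh login shows that the new ruleset still admits you.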


