Firewall Wizards mailing list archives
Trust an IP? (IPTables)
From: Chris de Vidal <cdevidal () yahoo com>
Date: Wed, 30 Apr 2003 09:06:58 -0700 (PDT)
I need to allow a backup server to connect to its port (20031) on a server running IPTables. I recall all of the security risks of trusting an IP (r* tools). Is it safe to allow a specific IP to connect to a specific port through the firewall? Something like this:

    MY_IP=123.456.789.11
    BACKUP_SERVER=123.456.789.10
    # --dport only parses after a protocol match; TCP is assumed here
    iptables -A INPUT -p tcp -s $BACKUP_SERVER -i eth0 --dport \
        20031 -j ACCEPT

(Also allow related/established traffic)

If someone sniffed that traffic, they might spoof that IP and start probing that port for vulnerabilities. Locking it to the MAC address might be even better, but perhaps even that can be spoofed. That's why I'm asking the pros.

So is it safe to trust an IP to connect to one port, à la the old r* tools? If not, what is a good alternative?

=====
/dev/idal
"GNU/Linux is free freedom" --Me
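Added example, not part of the original post: a shell sketch that validates the source address and prints (does not apply) the rule set the post describes, with the related/established rule, an optional MAC match, and a log-and-drop for other sources hitting the port. Assumptions: the service is TCP, the interface is eth0 as in the post, the function names are hypothetical, and the addresses are constructed documentation values.

```shell
#!/bin/sh
# Emits iptables commands for review; nothing is applied to the running firewall.

# valid_ipv4 ADDR -> success only for four dot-separated octets in 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# backup_rules SERVER_IP PORT [MAC] -> prints the rules, one per line
backup_rules() {
    server=$1; port=$2; mac=${3:-}
    valid_ipv4 "$server" || { echo "bad source address: $server" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    mac_match=
    # A MAC match is only meaningful when the peer is on the same L2 segment.
    if [ -n "$mac" ]; then mac_match=" -m mac --mac-source $mac"; fi

    # Replies belonging to connections that were already accepted
    echo "iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections (SYN only) from the backup server to the one port
    echo "iptables -A INPUT -i eth0 -p tcp --dport $port --syn -s $server$mac_match -m state --state NEW -j ACCEPT"
    # Any other source touching the port is logged, then dropped
    echo "iptables -A INPUT -i eth0 -p tcp --dport $port -j LOG --log-prefix 'backup-port-deny: '"
    echo "iptables -A INPUT -i eth0 -p tcp --dport $port -j DROP"
}

# Constructed sample values (RFC 5737 address, RFC 7042 documentation MAC)
backup_rules 192.0.2.10 20031 00:00:5e:00:53:10
```

The source-address match only narrows who can reach the port; it does not authenticate the peer, so the service on 20031 still needs its own authentication.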