Amir Haris,

Why don't you plan your work and work your plan? You will waste your effort if you are in a hurry. As far as I know, shorewall.net is the best documented package I have ever seen. Spend some time reading and understanding it.

This goes the same to OpenVPN or any that you may come across.

RTFM

Amir Haris Ahmad <shorewall.net@gmail.com> wrote:
Michael Cozzi ... I will study about the OpenVPN

On 1/31/06, Cristian Rodriguez <judas_iscariote@shorewall.net> wrote:
Amir Haris Ahmad wrote:
> Ermm.. well the application server is the critical database server..

That's another reason to implement a decent solution right now.

> at this
> time.. i need the fast solutions

Fast solutions ... no. Security needs REAL, reliable, manageable solutions.

> which mean using shorewall.. and on next
> stage.. i will figure out .. and perhaps using vpn... for now i found
> shorewall drop and shorewall allow. can the shorewall allow a certain ports?
> which mean allow port 3079.. e.g allow from 189.23.23.12 with 3079 port?
>
>

/etc/shorewall/rules

ACCEPT    net:189.23.23.12    <zoneof-the-internal-system>:ip-of-the-internal-system    tcp    3079


good luck, and you have been warned.