Ermm.. well, the application server is the critical database server.. at this time.. I need a fast solution, which means using shorewall.. and at the next stage.. I will figure it out.. and perhaps use a VPN... For now I found shorewall drop and shorewall allow. Can shorewall allow certain ports? Which means allow port 3079.. e.g. allow from with 3079 port?

> application server open port number 3079 the server ip is and
> now the port can be accessed from everywhere. Now I want to block all the
> access from everywhere. But my problem is, the application will be accessed by
> a few locations that are doing transactions with the application server, and the
> said locations are using dynamic IP addresses. My question:
> - How can I implement rules that block everything but at the same time
> allow the locations that are using dynamic IPs?..

No, use a PROPER AUTH mechanism, with proper encryption (TLS/SSL), and
you will be OK.

However, you can allow traffic to only the needed port, from the whole
subnet the allowed clients are using (with a proper auth system, of course).

But if your goal is to not get cracked by "the bad guys outside" by
protecting yourself banning countries, cities or whatever ugly
thing.. stay away.. it gives you a false sense of security.
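
The approach from the reply above (open only the needed port, and only to the subnet the clients use) could look like this as fragments of Shorewall's `policy` and `rules` files. This is an added example, not part of the original thread; it assumes the application listens on the firewall host itself (`$FW`), that the internet-facing zone is named `net`, and it uses `198.51.100.0/24` as a constructed placeholder subnet.

```conf
# /etc/shorewall/policy (fragment)
#SOURCE   DEST   POLICY   LOGLEVEL
# Default: drop and log anything from the net zone that no rule accepts.
net       all    DROP     info

# /etc/shorewall/rules (fragment)
#ACTION   SOURCE                 DEST   PROTO   DPORT

# Before: port 3079 reachable from every address in the net zone.
#ACCEPT   net                    $FW    tcp     3079

# After: port 3079 reachable only from the subnet the clients connect from.
# 198.51.100.0/24 is a constructed placeholder; replace it with the provider
# range the dynamic-IP clients are actually assigned from.
# This only narrows who can reach the port. The authentication and TLS
# the reply asks for are still needed on the application itself.
ACCEPT    net:198.51.100.0/24    $FW    tcp     3079
```

Run `shorewall check` to validate the files before applying them with `shorewall restart`.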