Ermm.. well the application server is the critical database server.. at this time.. i need the fast solutions which mean using shorewall.. and on next stage.. i will figure out .. and perhaps using vpn... for now i found shorewall drop and shorewall allow. can the shorewall allow a certain ports? which mean allow port 3079..
e.g allow from 18.104.22.168 with 3079 port?
Amir Haris Ahmad wrote:
> application server open port number 3079 the server ip is 22.214.171.124. and
> now the port can be accessed from everywhere. Now i want to block all the
> everywhere accessed. But my problem is, the application will be accessed by
> few locations that doing transaction with the application server. and the
> said locations are using dynamic ip address. My question:
> - How can i implement the rules that block everything but at the same time
> allow the locations that using dynamic ip?..
No, use a PROPER AUTH mechanism , with proper encrypition (TLS/SSL) and
you will be OK.
however, you can allow traffic to only the needed port ,from the whole
subnet the allowed clients are using (with a proper auth system of course).
but if your goal is not get cracked by " the bad guys outside" by
protecting yourself banning countries, cities or whatever ugly
thing.stay away.. it gives you a false sense of security.