From: Amir H. A. <sho...@gm...> - 2006-01-31 03:26:42
Ermm.. well the application server is the critical database server.. at this time.. I need the fast solutions which mean using shorewall.. and on next stage.. I will figure out.. and perhaps using vpn... for now I found shorewall drop and shorewall allow. Can the shorewall allow certain ports? Which mean allow port 3079.. e.g. allow from 189.23.23.12 with 3079 port?

On 1/31/06, Cristian Rodriguez <jud...@sh...> wrote:
>
> Amir Haris Ahmad wrote:
>
> > application server open port number 3079 the server ip is 202.188.0.132. and
> > now the port can be accessed from everywhere. Now I want to block all the
> > everywhere accessed. But my problem is, the application will be accessed by
> > few locations that doing transaction with the application server. and the
> > said locations are using dynamic ip address. My question:
> >
> > - How can I implement the rules that block everything but at the same time
> > allow the locations that using dynamic ip?..
> >
>
> No, use a PROPER AUTH mechanism, with proper encryption (TLS/SSL) and
> you will be OK.
>
> however, you can allow traffic to only the needed port, from the whole
> subnet the allowed clients are using (with a proper auth system of
> course).
>
> but if your goal is not get cracked by "the bad guys outside" by
> protecting yourself banning countries, cities or whatever ugly
> thing.. stay away.. it gives you a false sense of security.