iptables
Matthew Carter
2012-02-29 19:52:49 UTC
I'm trying to bring up my firewall on my server on only one of my two
interfaces. ltspbr0 is attached to eth1 and eth0 is the external
connection. In /etc/sysconfig/iptables, I added:
-A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT
where the bridge and subsequent network is 172.31.100/24.

There should be no other connections to the outside world on that side of
the server. Is this a gaping security hole, i.e., can my users connecting to
the outside world cause a backdoor to the bridge side of the server?

Thanks!
Jim Kinney
2012-02-29 22:47:51 UTC
Bear in mind that your users are connecting FROM the SERVER itself to the
outside world. Technically, yes, the server _is_ a network bridge between
the outside and the 172 network where your clients are. If the 172 clients
can't connect to the server, then they get no thin-client goodness.

So as long as the ltspbr0 is on the inside NIC eth1, this rule is fine.

On Wed, Feb 29, 2012 at 2:52 PM, Matthew Carter wrote:
> I'm trying to bring up my firewall on my server on only one of my two
> interfaces. ltspbr0 is attached to eth1 and eth0 is the external
> -A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT
> where the bridge and subsequent network is 172.31.100/24.
> There should be no other connections to the outside world on that side of
> the server. Is this a gaping security hole, i.e., can my users connecting to
> the outside world cause a backdoor to the bridge side of the server?
> Thanks!
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
--
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/
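The point of Jim's answer is that the rule is safe because it is scoped by interface as well as by source address: a packet arriving on eth0 with a forged 172.31.100.x source does not match `-i ltspbr0`. The following is an added example, not code from either poster, showing how that single rule fits into a complete /etc/sysconfig/iptables (iptables-restore format) ruleset with a default-DROP INPUT policy, an explicit anti-spoofing drop on eth0, and a small audit function that flags any INPUT ACCEPT rule that is not pinned to an interface. Interface names, the subnet and the file format are the ones from the thread; the SSH rule on eth0 is an assumption added for illustration.

```shell
#!/bin/sh
# Added example for the thread above (not the original poster's file).
# Interfaces and subnet are from the thread; the SSH rule is assumed.

# Emit a complete ruleset in /etc/sysconfig/iptables (iptables-restore) format.
ltsp_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the server itself opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing: the client subnet must never arrive on the external NIC.
-A INPUT -i eth0 -s 172.31.100.0/24 -j DROP
# The rule from the thread: thin clients are trusted only when the packet
# arrives on the bridge AND carries a client-subnet source address.
-A INPUT -i ltspbr0 -s 172.31.100.0/24 -j ACCEPT
# Assumed for illustration: remote administration over SSH from outside.
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset read from stdin: every "-A INPUT ... -j ACCEPT" line that is
# not the conntrack rule must name an interface with -i, otherwise it would
# also admit traffic from eth0. Prints offenders to stderr, returns 1 if any.
audit_input_accepts() {
    _bad=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT"*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        case "$line" in
            *"--state ESTABLISHED"*) continue ;;
            *" -i "*) continue ;;
        esac
        echo "unscoped ACCEPT: $line" >&2
        _bad=1
    done
    return $_bad
}

# Typical use: write the ruleset, audit it, then load it with iptables-restore.
#   ltsp_ruleset > /etc/sysconfig/iptables
#   audit_input_accepts < /etc/sysconfig/iptables && iptables-restore < /etc/sysconfig/iptables
```

Running the audit against the ruleset above passes; dropping the `-i ltspbr0` from the thread's rule (leaving only `-s 172.31.100.0/24`) makes it fail, which is exactly the "gaping hole" the original question worried about: without the interface match, a spoofed client-subnet source on eth0 would be accepted.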