incoming ssh/sftp blocked by iptables

Jeff Spaleta jspaleta at gmail.com
Wed Apr 14 20:53:30 UTC 2004


On Wed, 14 Apr 2004 16:51:56 -0400, fulko.hew at sita.aero
<fulko.hew at sita.aero> wrote:
> I would think that the startup script for SSH should
> also punch a hole in iptables in a similar manner.
> 
> Any comments before I Bugzilla it?

err....punching a wide open hole for ssh at the initscript level is probably
not a very good idea. I certainly don't punch wide open holes through
my firewall to let ssh connections through. I punch targeted holes to
let in machines or subnets out in the wild that I know I'm going to be
using regularly.  NTP, not being a complete shell access login
service...sits in a far different place in the paranoia landscape, so
punching a wide open hole for ntp doesn't completely freak me out.

-jef"Would really really hate to have to edit an ssh initscript to
disable the firewall hole punching to be able to reimplement targeted
ssh access to his machines"spaleta
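As an added example, not part of Jeff's post and not Fedora's sshd or ntpd initscript code, here is the distinction he draws expressed as iptables rules: SSH is accepted only from listed source networks and explicitly dropped otherwise, while NTP gets the unrestricted hole he considers tolerable. The subnets are constructed RFC 5737 documentation ranges, and the IPT dry-run variable is this example's own convention so it can run without root or a live netfilter.

```shell
#!/bin/sh
# Targeted SSH access vs. a wide-open NTP hole, as iptables rules.
# Added example; not from the original post or any distro initscript.
# Source networks below are constructed documentation ranges (RFC 5737).
#
# Dry run by default (prints the commands). Run as root with IPT=iptables
# to actually apply them.
IPT="${IPT:-echo iptables}"

# ssh_rules SUBNET...  -> accept new SSH connections only from the listed
# sources, then drop everything else aimed at tcp/22. One command per line.
ssh_rules() {
    for src in "$@"; do
        $IPT -A INPUT -p tcp --dport 22 -s "$src" -m state --state NEW -j ACCEPT
    done
    # Explicit drop for tcp/22: a later "open everything" rule appended by
    # some initscript cannot widen SSH access past the sources listed above.
    $IPT -A INPUT -p tcp --dport 22 -j DROP
}

# ntp_rule -> the kind of unrestricted hole the post says is tolerable for
# NTP (no shell behind udp/123).
ntp_rule() {
    $IPT -A INPUT -p udp --dport 123 -j ACCEPT
}

# count_accept LISTING -> number of ACCEPT rules in a rule listing, a quick
# sanity check that the SSH hole is exactly as wide as the source list.
count_accept() {
    printf '%s\n' "$1" | grep -c -- '-j ACCEPT'
}

ssh_rules 192.0.2.0/24 198.51.100.7
ntp_rule
```

Rule order matters: with `-A` the per-source ACCEPTs precede the DROP, so a host outside the list never reaches a broader rule further down the INPUT chain.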
