> Thu Apr 08 2010 08:01:26 AM CDT from "Andrew Berg"
> <bahamutzero8825 at gmail.com> Subject: Re: [tclug-list] Trying to set up a
> simple firewall
>
> On 4/8/2010 6:59 AM, Adam Morris wrote:
> It's done by their ISPs. If they get disconnected from their ISP (e.g.
> modem reset, service outage), they get a new IP address when they
> reconnect. I'm mostly worried about myself. Such a situation is rare,
> but if I get assigned a new IP address, I'm locked out and there's no
> one to let me back in. I could write a script that would replace
> Shorewall's rules file with a similar one that would open up ssh to the
> public so I could log in, but I'd have open ssh to one of my users, all
> of whom (AFAIK) are clueless when it comes to Linux/Unix and the sole
> reason they would have shell access would be to execute the script.
>

How about port knocking to protect the ssh port instead of block / allow by IP address? The port knocking daemon can add the rule for you in case your IP address changes (or you need to connect from a different location).

Kelly
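The mechanism suggested above, as an added example that is not part of the original message and not the code of any particular knocking daemon: a tracker that watches connection attempts per source address and grants a temporary ssh allowance to whichever address completes the knock sequence in time. The port sequence, timeouts, class and function names, and sample events are all assumptions constructed for illustration.

```python
# Added illustration of a port-knock tracker; not knockd's or Shorewall's code.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence (constructed)
SEQ_TIMEOUT = 10.0    # seconds allowed to complete the sequence
OPEN_SECONDS = 30.0   # lifetime of the temporary ssh allow rule


class KnockTracker:
    def __init__(self):
        self.progress = {}  # ip -> (next index in sequence, time of first knock)
        self.allowed = {}   # ip -> expiry time of its allow rule

    def observe(self, ts, ip, port):
        """Feed one connection attempt; return True if ip just completed the knock."""
        idx, start = self.progress.get(ip, (0, ts))
        if idx == 0 or ts - start > SEQ_TIMEOUT:
            idx, start = 0, ts  # fresh attempt, or the previous one was too slow
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress; it may itself begin a new attempt.
            idx, start = (1, ts) if port == KNOCK_SEQUENCE[0] else (0, ts)
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(ip, None)
            self.allowed[ip] = ts + OPEN_SECONDS  # a daemon would add the rule here
            return True
        self.progress[ip] = (idx, start)
        return False

    def ssh_permitted(self, ts, ip):
        """True while the temporary allow rule for ip has not expired."""
        return self.allowed.get(ip, 0.0) > ts


def replay(events):
    """Run (ts, ip, port) events; return the tracker and the IPs that got in."""
    tracker, opened = KnockTracker(), []
    for ts, ip, port in events:
        if tracker.observe(ts, ip, port):
            opened.append(ip)
    return tracker, opened


# Constructed sample events using documentation address ranges, not real traffic.
SAMPLE = [
    (0.0, "203.0.113.5", 7000), (1.0, "203.0.113.5", 8000), (2.0, "203.0.113.5", 9000),
    (0.5, "198.51.100.9", 7000), (0.9, "198.51.100.9", 22), (1.5, "198.51.100.9", 9000),
    (5.0, "192.0.2.77", 7000), (6.0, "192.0.2.77", 8000), (40.0, "192.0.2.77", 9000),
]
```

Because the allowance is keyed on whichever address completes the sequence, an administrator whose ISP hands out a new IP address only has to knock again from the new address.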