Re: [Fed-Talk] Firewall
- Subject: Re: [Fed-Talk] Firewall
- From: Boyd Fletcher <email@hidden>
- Date: Thu, 10 Apr 2008 11:50:46 -0400
- Thread-topic: [Fed-Talk] Firewall
but that is not fine-grained enough. We need to be able to explicitly set
which ports and protocols are being used. We have some apps that open
additional ports and protocols but not all of them need to be externally
accessible. Yes, I know we could some to loopback but we don't have control of
all of them.
basically, the current approach is a big black box as to what it is really
doing and in security that is a very very bad idea. We would like to know
exactly what is and is not being blocked.
boyd
On 4/10/08 11:17 AM, "Michael" <email@hidden> wrote:
>
> On Apr 10, 2008, at 9:58 AM, Michael wrote:
>> Under OS 10.5 you should be able to instead set a specific
>> application to be permitted to listen on whatever ports it opens.
>> Perhaps you have specific bugs with the new firewall regarding unix
>> servers you're running under OS X, I don't have a good test for that
>> (sshd comes with OS X so that does not meet the requirement of a non-
>> native app and I locked my configuration down too tight anyway).
>
> I don't have a good test with a server application but I had no
> trouble selecting a unix application/binary from /sbin and one that I
> compiled and telling the 10.5 Firewall to either accept or block
> incoming connections for those unix applications.
>
> Michael
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden