[Gllug] Secure mail access with Apache and MySQL running?

Mick Farmer mick at dcs.bbk.ac.uk
Thu Jan 9 14:24:08 UTC 2003


Dear Jan, Doug & others,

I've not moved to iptables yet, and find that ipchains works
reasonably well.  Here's one approach you can use.

Assume that your box is not trojaned, so accept all OUTPUT.
Reject all FORWARD as you say your development network is
purely local.  Reject all INPUT except for what you expect
to come from your dialup.

If you initiate all communications, then you can reject all
INPUT with the SYN flag set (except for loopback).  Only
allow in replies, i.e. from port 80 because you may be
browsing, etc.

If you let me have more details of your setup, I could flesh
out more of the specifics.

Regards,

Mick               /"\                      
                   \ /                      
                    X  ASCII Ribbon Campaign
                   / \ Against HTML Mail

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
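
The policy described in the message above, written out as ipchains commands; this is an added example, not part of the original post. The interface name `ppp0`, the port-list arguments, the optional UDP rule and the dry-run `IPCHAINS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ipchains (Linux 2.2) rules for the policy in the message.
# Dry run by default: each command is printed, not executed.
# To apply for real, run as root with IPCHAINS=/sbin/ipchains (path assumed).
IPCHAINS="${IPCHAINS:-echo ipchains}"

ruleset() {
    ext="${1:-ppp0}"         # dialup interface (assumed name)
    tcp_replies="${2:-80}"   # remote TCP ports we expect replies from
    udp_replies="${3:-}"     # assumption beyond the message, e.g. 53 for DNS

    # Start from empty chains, then set the default policies.
    $IPCHAINS -F
    $IPCHAINS -P output ACCEPT     # box assumed not trojaned
    $IPCHAINS -P forward REJECT    # development network is purely local
    $IPCHAINS -P input REJECT      # anything not listed below is refused

    # Loopback is exempt from the SYN rule.
    $IPCHAINS -A input -i lo -j ACCEPT

    # -y matches TCP packets with SYN set and ACK/FIN clear, i.e. inbound
    # connection attempts. Listed first so no later rule can admit them;
    # -l logs each match.
    $IPCHAINS -A input -i "$ext" -p tcp -y -l -j REJECT

    # Replies only: non-SYN TCP whose source port is one we talk to.
    for port in $tcp_replies; do
        $IPCHAINS -A input -i "$ext" -p tcp ! -y -s 0.0.0.0/0 "$port" -j ACCEPT
    done

    # UDP has no SYN flag, so replies can only be matched by source port.
    for port in $udp_replies; do
        $IPCHAINS -A input -i "$ext" -p udp -s 0.0.0.0/0 "$port" -j ACCEPT
    done
}

ruleset "$@"
```

ipchains is stateless, so the ACCEPT rules admit any non-SYN packet carrying a listed source port, whether or not it answers a connection the box opened.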



