[H-GEN] Firewall configuration on a remote machine

gavin duley gavin at microcomaustralia.com.au
Wed Feb 9 00:30:19 EST 2011

On 9 Feb 2011, at 15:00, David Seikel wrote:

> They say that because the default state of shorewall, when it is not
> "up" as such, is to close everything.  In general this is a good
> thing, but the problem then is that you then cannot connect to the box
> remotely with ANY protocol.  Also, should you mis-configure it, you
> may accidentally lock yourself out of the port you are using to do the
> configuring.  This applies to any firewall though.

Good point. If this was a home machine, I probably would want it to close everything.

> Being virtual, it may have file system partitions that are accessible
> outside the virtual box.  Depends on how that is set up.  That can both
> be a life saver if you screw up your firewall, and one other way to
> attack your system.

I don't think there are any, but then I have no access to dom0 (aka the host machine). I guess this is one of the downsides of using a commercial virtual host.

> As always when dealing with remote servers with anything that could
> stop it being accessible remotely (rebooting, updates, etc), always
> handy to have someone local to the box ready with a crash cart.  Also

Unfortunately, I wouldn't easily be able to arrange that. The tech support people at panix probably would be able to sort things out for me locally if they had to, but I guess they would charge for this sort of thing -- something I'd want to avoid.

I guess the answer would be to back up key files, and then just reinstall everything from scratch if it goes wrong. This is easy enough to do, even if I've lost access to the machine (there is a web interface to allow you to do this). It seems a bit overdramatic, though.

> good to get things tested and running on a local box, then just
> transfer it over the 'net when you think it's good.

Probably a good idea...
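
The lock-out risk discussed in this thread can be limited with a timed rollback: apply the new rules, then revert automatically unless a fresh login confirms the box is still reachable. The following is an added example, not part of the original message; the function name `guarded_apply`, the file paths and the iptables-based usage in the comments are assumptions.

```shell
#!/bin/sh
# Added example: apply a firewall change with a timed rollback.
# guarded_apply APPLY_CMD ROLLBACK_CMD TIMEOUT CONFIRM_FILE [LOG]
# Returns 0 = confirmed and kept, 1 = not confirmed, rolled back,
#         2 = apply command failed, rolled back.
guarded_apply() {
    apply_cmd=$1; rollback_cmd=$2; timeout=$3; confirm=$4; log=${5:-/dev/null}

    # Keep running if the SSH session that started us is cut off by the new rules.
    trap '' HUP

    # A stale confirmation file must not count as confirmation.
    rm -f "$confirm"

    # Output goes to the log, never to a terminal that may have gone away.
    if ! sh -c "$apply_cmd" >>"$log" 2>&1; then
        sh -c "$rollback_cmd" >>"$log" 2>&1
        return 2
    fi

    # Wait for the operator to prove, from a new connection, that access still works.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Nobody confirmed in time: assume we are locked out and revert.
    sh -c "$rollback_cmd" >>"$log" 2>&1
    return 1
}

# Constructed usage (paths are placeholders), run as root on the remote box:
#   iptables-save > /root/fw.good
#   guarded_apply 'iptables-restore < /root/fw.new' \
#                 'iptables-restore < /root/fw.good' 120 /root/fw.confirm /root/fw.log
# then, from a NEW ssh login within 120 seconds:  touch /root/fw.confirm
```

The confirmation has to come from a new connection, because an already established session can survive rules that would block a fresh login.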



