Firewall security: Problems with simple Samba file share 3580

Peter T. Breuer

I have given examples, and so have other people. It hasn't been vague generalities at all. A firewall protects against software deficiency and accidental misconfiguration. It can also act to limit the extent of other security breaches. As someone else noted, some of us prefer to have layers of security.

I have a server that accepts ssh connections, but only from a specific set of IP's. Additionally, ssh is configured only to accept specific users, and additionally only allows public key authentication. Beyond that, it's configured to lock out after two incorrect pbuttwords - which of course can't be given because it doesn't accept pbuttwords. That server is also protected by a hardware firewall and iptables. Most of this is completely redundant, but that's the point: redundancy protects against error, either on my part or in the ssh daemon iteslf. If an exploit comes out for ssh that can bypbutt my configuration rules, the firewall rules that limit it to specific ip's may protect me. The iptables (which you consider pointless) is enforcing the same rules that the hardware firewall is - so if I accidentally scew up one or the other, or an exploit is discovered that can breach either one, I may still be protected by the other.

Gee, Peter, you haven't become abusive yet.. I wonder how much longer that will last. Are we actually going to have a thread that doesn't include you impugning my intelligence?

-- Tony Lawrence