help-cfengine

Firewalling vs AllowConnectionsFrom


From: Marco van Beek
Subject: Firewalling vs AllowConnectionsFrom
Date: Wed, 26 Oct 2005 16:59:56 +0100
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

Hi,

Bit of a conceptual question:

We are running the cfengine policyhost on a box that is also running Shorewall (an iptables-based firewall). At the moment Shorewall is configured to allow all connections to port 5308, and cfservd.conf has a list of valid connections in AllowConnectionsFrom.

I don't particularly want to have to maintain two lists of valid IP addresses, and at this point I am not sure I can come up with a format that both systems are happy with as a list.

The only two issues I can come up with are that if the policyhost is controlling the connections, it will report the failed connections, which might make it easier, but secondly, if I use a common list in Shorewall, I can use it for other ports (e.g. ssh) as well.

I guess using the firewall will be more secure, and there may be a performance benefit as cfengine isn't having to fork a new process to check every connection.

Is there anyone out there who has faced the same situation?

Regards,

Marco van Beek



