Atomic Secure Linux
All times are UTC - 5 hours [ DST ]

 Post subject: Allowing too much - what a fool!
Posted: Sat Oct 27, 2012 2:07 pm
I just discovered that through a slip-up, a machine that I thought was locked down was wide open.

For the purposes of this, pretend that our network range is

We have a set of hardware nodes, each running a number of virtual machines each with their own IP addresses. We use APF as a firewall script on the VMs.

On one of the virtual machines - let's say, I had set a firewall rule to allow, both as a source and destination IP, for both incoming and outgoing packets. The idea was to make sure all the systems within the network could communicate with .150 without any problems.

This was done by adding "" in APF's allow_host.rules file.

Haha! What a fool!

The point here is that includes .150, and by not being specific about what I wanted to allow (e.g. I should have just allowed as a source address by using s= in allow_host.rules), I was basically saying allow all from all for .150 (the machine I was trying to protect).

Stupid, stupid, stupid :-)

Luckily no harm was done. But it could have been very different! This is actually the second time I've done this too. You'd think I'd have learned from the first time!

If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
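
A check for the mistake described in this thread, as an added example that is not part of the original post or of APF: it flags bare allow entries (no s= or d= on the address) whose range includes one of the machine's own addresses. The 192.0.2.0/24 range, the function names and the sample file are constructed, and the entry syntax handled is an assumption based on the post's description.

```python
import ipaddress

# Constructed sample: 192.0.2.0/24 is a documentation range standing in for
# the network range the post leaves out; .150 is the VM being protected.
SAMPLE_RULES = """\
# allow the whole internal range (the mistake described in the post)
192.0.2.0/24
# a single remote admin host, unrelated to our own address
198.51.100.7
# scoped entries: the address is tied to a direction with s= / d=
s=192.0.2.0/24
tcp:in:d=22:s=192.0.2.10
"""

def _net(text):
    """Parse an address or CIDR (host bits allowed); None if it is neither."""
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None

def _scoped(entry):
    """True when any colon-separated field is s=<addr> or d=<addr> (assumed syntax)."""
    for field in entry.split(":"):
        key, _, val = field.partition("=")
        if key in ("s", "d") and _net(val) is not None:
            return True
    return False

def self_covering_entries(rules_text, own_ips):
    """Return (line_no, entry, covered_own_ips) for bare entries that include this host."""
    own = [ipaddress.ip_address(ip) for ip in own_ips]
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not entry or _scoped(entry):
            continue
        net = _net(entry)
        if net is None:
            continue                              # not a bare address/CIDR
        covered = [str(ip) for ip in own if ip in net]
        if covered:                               # range matches our own address too
            findings.append((lineno, entry, covered))
    return findings

if __name__ == "__main__":
    for lineno, entry, covered in self_covering_entries(SAMPLE_RULES, ["192.0.2.150"]):
        print(f"line {lineno}: bare entry {entry} also covers own address {', '.join(covered)}")
```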
