 From:  Mathias Burén <mathias dot buren at gmail dot com>
 To:  Lewis Edwards <lewis dot edwards at esi dash group dash na dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] stateful / dynamic packet filtering on m0n0wall?
 Date:  Thu, 8 Dec 2005 18:18:21 +0100
This is just a wild guess, but I don't think this is possible with m0n0wall.
How about doing the filtering on the Apache server computer, with iptables?
Should be possible.

// Mathias

2005/12/8, Lewis Edwards <lewis dot edwards at esi dash group dash na dot com>:
> First, let me thank you for an excellent product and all the work you put
> into maintaining it.
> I have a web server in a DMZ with only port 80 open to the world.  Right
> now, someone can telnet to port 80 and poke around with my Apache
> installation. Given the right person and the wrong installation, this can
> cause a lot of problems.  If m0n0wall had stateful (or dynamic) packet
> filtering then port 80 would only accept HTTP connections and the sysadmin
> could sleep (a little) easier.
> Naturally, I have no idea how to implement this myself (hence my use of
> m0n0wall and my e-mail to this list) but I think it would be a useful topic
> for future development.  Of course, if such functionality already exists and
> I've completely overlooked it, I'd appreciate a push in the right direction.