 
 From:  "Lewis Edwards" <lewis dot edwards at esi dash group dash na dot com>
 To:  Mathias Burén <mathias dot buren at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] stateful / dynamic packet filtering on m0n0wall?
 Date:  Thu, 8 Dec 2005 11:21:06 -0600
Alas, my Apache server is running on Windows 2000 Server (not my choice).
So you see why I'm concerned about a vulnerable port.  :)

********************************************
Lewis Edwards
IT / Systems Coordinator
ESI CFD, Inc.
6767 Old Madison Pike, Suite 600
Huntsville, AL 35806-2182
Office (256) 713-4732 Fax (256) 713-4799
Email: lewis dot edwards at esi dash group dash na dot com
********************************************

-----Original Message-----

Sent: Thursday, December 08, 2005 11:18
To: Lewis Edwards
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] stateful / dynamic packet filtering on m0n0wall?


This is just a wild guess, but I don't think this is possible with m0n0wall.
How about doing the filtering on the Apache server computer, with iptables?
Should be possible.

// Mathias


2005/12/8, Lewis Edwards <lewis dot edwards at esi dash group dash na dot com>:
First, let me thank you for an excellent product and all the work you put
into maintaining it.

I have a web server in a DMZ with only port 80 open to the world.  Right
now, someone can telnet to port 80 and poke around with my Apache
installation. Given the right person and the wrong installation, this can
cause a lot of problems.  If m0n0wall had stateful (or dynamic) packet
filtering then port 80 would only accept HTTP connections and the sysadmin
could sleep (a little) easier.

Naturally, I have no idea how to implement this myself (hence my use of
m0n0wall and my e-mail to this list) but I think it would be a useful topic
for future development.  Of course, if such functionality already exists and
I've completely overlooked it, I'd appreciate a push in the right direction.

