Hello Centos community,
One question, in relation to security in mirror centos:
- Can I apply a default drop firewall , accept policy for only a few ports?
Accept only ports:
TCP/UDP Port 80 (http) TCP Port 443 (https)
Are there any restrictions on the part of the CENTOS community for the application of firewall policy for the mirror host?
Have another Port to open in firewall ?
Best Regards, ------ Francisco J. Badaró Valente Neto Gerente de Telecomunicações e Treinamento ITS BRASIL Chave Pública PGP: 3C0197DADD86E00869A1F3ABEED24941A5292F14 Tel.: + 55 71 34020870 Cel: +55 71 981717310
Good morning Francisco J. Badaró Valente Neto,
what services do you offer? Only http and https?
If you also offer rsync or ftp, those ports need to be open too.
As far I know there is no need for other open ports. Keep in mind that you also use rsync to stay in sync. So the outgoing request to the server you sync from and the answer of this server need to pass the firewall.
Greetings from Germany Lukas
Sent from my samsung smart fridge.
Francisco Badaró francisco@itsbrasil.net schrieb am Di., 21. Jan. 2020, 02:41:
Hello Centos community,
One question, in relation to security in mirror centos:
- Can I apply a default drop firewall , accept policy for only a few ports?
Accept only ports:
TCP/UDP Port 80 (http) TCP Port 443 (https)
Are there any restrictions on the part of the CENTOS community for the application of firewall policy for the mirror host?
Have another Port to open in firewall ?
Best Regards,
Francisco J. Badaró Valente Neto Gerente de Telecomunicações e Treinamento ITS BRASIL Chave Pública PGP: 3C0197DADD86E00869A1F3ABEED24941A5292F14 Tel.: + 55 71 34020870 Cel: +55 71 981717310 _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
And if you're running IPv4 and IPv6, remember to ensure that the firewall allows on both v4 and v6 addresses families.
Please also allow ICMP so users can diagnose connection problems more easily (allow them to ping your server).
Cheers from Canada, Jonathan
On 2020-01-21 00:02, Alpix wrote:
Good morning Francisco J. Badaró Valente Neto,
what services do you offer? Only http and https?
If you also offer rsync or ftp, those ports need to be open too.
As far I know there is no need for other open ports. Keep in mind that you also use rsync to stay in sync. So the outgoing request to the server you sync from and the answer of this server need to pass the firewall.
Greetings from Germany Lukas
Sent from my samsung smart fridge.
Francisco Badaró <francisco@itsbrasil.net mailto:francisco@itsbrasil.net> schrieb am Di., 21. Jan. 2020, 02:41:
Hello Centos community, One question, in relation to security in mirror centos: - Can I apply a default drop firewall , accept policy for only a few ports? Accept only ports: TCP/UDP Port 80 (http) TCP Port 443 (https) Are there any restrictions on the part of the CENTOS community for the application of firewall policy for the mirror host? Have another Port to open in firewall ? Best Regards, ------ Francisco J. Badaró Valente Neto Gerente de Telecomunicações e Treinamento ITS BRASIL Chave Pública PGP: 3C0197DADD86E00869A1F3ABEED24941A5292F14 Tel.: + 55 71 34020870 Cel: +55 71 981717310 _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org <mailto:CentOS-mirror@centos.org> https://lists.centos.org/mailman/listinfo/centos-mirror
CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
-
Alpix -
Francisco Badaró -
LES.NET - Centos