[CentOS] Apache Changing IPtables C 5.6 via Apache
Kenneth Porter
shiva at sewingwitch.com
Sun Aug 21 05:55:58 UTC 2011
--On Sunday, August 21, 2011 2:51 AM +0100 Always Learning
<centos at u61.u22.net> wrote:
> I am acutely conscious of being locked-out. I can get in remotely via
> the console. However the very first entries in every server's iptables
> have always been to allow 3 static IPs access. 3test comes later on in
> the sequence, ensuring what happens there should never lock me out.
To reduce the attack surface, create a script that can only update that
subtable with a supplied IP address and then invoke it by sudo.
More information about the CentOS
mailing list