[CentOS] transition to ip6
Adam Tauno Williams
awilliam at whitemice.org
Tue Apr 3 00:33:24 UTC 2012
On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel <lists at eckel-edv.de> wrote:
> > When there really is a requirement that the external server allows
> only a single address to access it and that can't be changed, you
> could resort to using a proxy.
> What is typical or reasonable for source address restrictions?
To dispose of them; they are hopelessly pointless. If you want to
authenticate the source use PKI.
I know they exist and have personally had to deal with them. That
doesn't imply they make any kind of sense.
> That
> is, if there are 2 global organizations, and one wants to increase
> the security on access to a service by limiting to the source
> addresses that might come from the other, is there a sane way to
> specify it, and to make the application use those addresses at the
> right times if the interface has others?
If two organizations want to communicate, exclusively and privately,
with each other they should establish a tunnel.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20120402/c59c9181/attachment.sig>
More information about the CentOS
mailing list