[Shorewall-users] (no subject)

Tom Eastep teastep at shorewall.net
Tue May 17 06:44:03 PDT 2005


Scott Merrill wrote:
> On Tuesday 17 May 2005 05:13, Recoil wrote:

> 
> If this is a publicly available game server (anyone anywhere can connect), 
> then there's little else you can do to restrict access.  Watch your logs.  
> Watch your network traffic.  Learn to identify what is normal and abnormal 
> behavior.

And consider isolating it in a DMZ -- see
http://shorewall.net/three-interface.htm

As the OP correctly observed, once you have a firewall in place, you next
greatest source of vulnerability is the servers that you open to the
internet (right up there with your Windows-hosted email clients). Placing
such servers in their own LAN segment contains the damage in the event that
one of them is hacked.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


More information about the Shorewall-users mailing list