Hi Joe,

----- Joe Landman <[EMAIL PROTECTED]> wrote:
> Hi folks:
>
> I did an upgrade of OF 2.1b2 to 2.1 final. A customer asked me about
> iptables (they need to be a secure site, and others around these parts
> are requiring access controls due to SOX and other good governance
> rules), and I had thought that it was installed. I port scanned the
> machine only to see lots of open ports. I can lock it down of course,
> but would it be possible to only open relevant ports, and specifically
> only allow port 446 to be open by default upon loading? Then as each
> service is enabled, the network access rules could be applied to IP
> tables fairly easily.

Cool. The default rules were too restrictive so I pulled it from the group. I'll hack it a bit and put it back so that everything works out of the box.

> Just a thought. If the network access rules are in a particular
> location (db, flat file, ...), and you need something to emit an IP
> tables config file, please let me know, I could probably put one
> together pretty quickly.

OK. They're a bit spread around. Each share/service has an access rule. This metadata is stored along with the rest of the share information within each share top level directory. We can continue this thread in openfiler-devel if you wish to pursue further...

R.

_______________________________________________
Openfiler-users mailing list
[email protected]
https://lists.openfiler.com/mailman/listinfo/openfiler-users
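The generator discussed in the thread, sketched as an added example that is not part of the original messages and not Openfiler code: it emits an `iptables-restore` ruleset with a default-drop INPUT policy, port 446 open, and one ACCEPT per enabled service and allowed source. The record layout, the service entries and the addresses are constructed assumptions, since the thread does not show the per-share metadata format.

```python
import ipaddress

MGMT_PORT = 446  # the port the thread asks to leave open by default

# Constructed sample records; the real per-share metadata format is not shown in the thread.
SAMPLE_RULES = [
    {"service": "nfs", "proto": "tcp", "port": 2049, "sources": ["10.0.0.0/24"], "enabled": True},
    {"service": "smb", "proto": "tcp", "port": 445, "sources": ["10.0.1.0/24", "10.0.2.15"], "enabled": True},
    {"service": "iscsi", "proto": "tcp", "port": 3260, "sources": ["10.0.3.0/24"], "enabled": False},
]


def emit_ruleset(rules, mgmt_port=MGMT_PORT):
    """Return iptables-restore text: default-drop INPUT, management port open,
    plus one ACCEPT per (enabled service, allowed IPv4 source)."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"-A INPUT -p tcp --dport {mgmt_port} -j ACCEPT",
    ]
    for rule in rules:
        if not rule["enabled"]:
            continue  # disabled services stay closed under the DROP policy
        proto, port = rule["proto"], int(rule["port"])
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"bad proto/port in rule for {rule['service']!r}")
        for src in rule["sources"]:
            # ip_network() rejects anything that is not a valid address or CIDR,
            # so free-form metadata cannot smuggle extra options into the ruleset.
            net = ipaddress.ip_network(src, strict=True)
            if net.version != 4:
                raise ValueError(f"IPv6 source {src!r} needs an ip6tables ruleset")
            lines.append(f"-A INPUT -s {net} -p {proto} --dport {port} -j ACCEPT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(emit_ruleset(SAMPLE_RULES), end="")
```

The output can be checked with `iptables-restore --test` before it is loaded.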
