-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 22, 2017 at 10:35:13AM -0000, Dan Purgert wrote: > David Christensen wrote: > > On 03/17/2017 03:31 AM, Dan Purgert wrote: > >> David Christensen wrote: > >>> On 03/13/2017 05:38 AM, Dan Purgert wrote: > >>> [...] > > > > I should clarify that: > > > > "The backup server can be firewalled with no incoming ports and > > outgoing ports limited to SSH and other required ports". > > > > > > I still need to figure out the "other required outgoing ports". > > Suggestions and comments are welcome. > > Unfortunately, pretty much "all ephemeral ports", if the server is > running things that initiate connections. Some programs allow you to > specify what ports they're connecting from, but not all.
That's what ESTABLISHED is for, in firewall jargon (you accept packets belonging to an established TCP connection). Regards - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAljSVc0ACgkQBcgs9XrR2kZuzgCfXXa+qKx7HKM4z89EOuC0mWbK GiMAnij6QBoehTW2rE7gzAckchaifmdS =RbGU -----END PGP SIGNATURE-----
