Edward Ned Harvey wrote:
> The second thing I'd do is ... You mentioned LAMP.  I presume the "M"
> component doesn't need to be available across the LAN, right?  Configure
> iptables to block it across the LAN.
>   
You can go one better with the 'M' component and just configure it to 
run on 127.0.0.1. If you need to monitor that service with a remote 
process, use an SSH tunnel rather than open the service to the network. 
This leaves you with fewer iptables rules to keep track of.

-- 
Nick Whalen <ni...@mindstorm-networks.net>


_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
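
An added example, not part of the original message: a check that the database port is bound only to loopback after making the change Nick describes, run here over constructed `ss -ltn` output. It assumes MySQL on its default port 3306; the `bind-address` setting and the tunnel command in the comments use placeholder host and user names.

```shell
#!/bin/sh
# Assumed my.cnf setting for the loopback-only bind described above:
#   [mysqld]
#   bind-address = 127.0.0.1
# Assumed tunnel from a monitoring host (placeholder user/host); the monitor
# then connects to 127.0.0.1:3307 on its own side:
#   ssh -N -L 3307:127.0.0.1:3306 monitor@db.example.org

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints every local address that is
# listening on PORT and is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # Local Address:Port column
            n = match(addr, /:[0-9]+$/)      # port follows the last colon
            if (!n) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback: fine
            if (host ~ /^\[::ffff:127\./) next             # v4-mapped loopback
            print host
        }'
}

# Constructed sample: listener table before the change (bound to all interfaces).
sample_before() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       80      0.0.0.0:3306        0.0.0.0:*
EOF
}

# Constructed sample: listener table after binding to 127.0.0.1.
sample_after() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
EOF
}

echo "before: $(sample_before | exposed_listeners 3306)"
echo "after:  $(sample_after | exposed_listeners 3306)"
# On a live host: ss -ltn | exposed_listeners 3306
```

Empty output for the port means no non-loopback listener remains, so no iptables rule is needed for it.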
