Hi, I'm trying to block external access to port 8009 (AJP13), as only my local host really needs to be able to talk to it. I'm wondering if there are any internal/mod_jk mechanisms for that, or if iptables is the best option.
I have tried iptables, which did block external requests, but it also got me in a situation where I had a few hundred httpd processes in a SYN_SENT state ( netstat | grep 8009 | grep -c SYN_SENT ) and returning 503s instead of 200s:

    iptables -A INPUT -p TCP --dport 8009 -m state --state NEW -j DROP
    iptables -A INPUT -p UDP --dport 8009 -m state --state NEW -j DROP
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

If anyone has iptables rules that work, I'd appreciate it if you could share them. I'd also be curious to know whether people use some other mechanisms to prevent evil folks from connecting to your port 8009 from the outside and consuming your available connections.

Thanks,
Otis
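The same policy with the loopback ACCEPT appended before the DROP, as an added example that is not part of the original post: iptables -A appends to the end of the chain and the first match wins, so in the order posted above the DROP rule catches httpd's own SYNs to 127.0.0.1:8009 before the lo ACCEPT is reached. The function names and the AJP_PORT and AJP_APPLY variables are names chosen here; the script only prints the rules unless AJP_APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. Drops new TCP connections to
# the AJP port from every interface except loopback. AJP13 is TCP only,
# so no UDP rule is needed. Nothing is applied unless AJP_APPLY=1.
set -eu

AJP_PORT="${AJP_PORT:-8009}"   # assumed name; 8009 is the port from the post

# Print the rules in the order they must be appended. The loopback ACCEPT
# comes first; "! -i lo" on the DROP is belt and braces so that even a
# later re-ordering cannot make it match localhost traffic.
ajp_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT ! -i lo -p tcp --dport ${AJP_PORT} -m state --state NEW -j DROP
EOF
}

# Return 0 when the loopback ACCEPT precedes the ${AJP_PORT} DROP in a
# rule listing (ajp_rules output or "iptables -S INPUT"), 1 otherwise.
# Against the order in the post this returns 1, which is why its httpd
# workers sat in SYN_SENT and answered 503.
ajp_check_order() {
    lo_line=$(printf '%s\n' "$1" | grep -n -- '-A INPUT -i lo -j ACCEPT' | head -n1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$1" | grep -n -- "--dport ${AJP_PORT}.*-j DROP" | head -n1 | cut -d: -f1)
    [ -n "$lo_line" ] && [ -n "$drop_line" ] && [ "$lo_line" -lt "$drop_line" ]
}

# Refuse to install a mis-ordered rule set; otherwise apply (root needed)
# or, by default, just print the rules for review.
ajp_apply() {
    rules=$(ajp_rules)
    ajp_check_order "$rules" || { echo "rule order wrong, not applying" >&2; return 1; }
    if [ "${AJP_APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

ajp_apply
```

Run as root with AJP_APPLY=1 to install the rules; afterwards `iptables -S INPUT` can be fed to ajp_check_order to confirm the order survived any other rules loaded on the host.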