|
|
Sponsored Content
Operating Systems
Solaris
Restrict XWindows Server Access by IP Address
Post 302545639 by orange47 on Tuesday 9th of August 2011 03:34:09 AM
08-09-2011
|
|
9 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
I am moving our email server from MS Exchange to Exim on Ubuntu 8.04.1. Version of Exim is 4.68.
As one of our security layers, we restrict authorization to send/relay email via our mail server from approved IP networks only. Whether this is a perfect method or not is irrelevant as it is but one... (0 Replies)
Discussion started by: bsgcic
0 Replies
2. UNIX for Advanced & Expert Users
Hi
I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders.
/export/home/kapil/shared,
/export/home/kapil/shared/Folder1
/export/home/kapil/shared/Folder2
These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies
3. Linux
Hi Everybody,
If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies
4. UNIX for Dummies Questions & Answers
Hi All,
How can we restrict a particular user access to a particular shell in solaris 10.
Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies
5. Red Hat
Hi there
I have an application user on my system that wants accesses to these file systems as such:
rwx:
/SAPO
/SAPS12
/R3_888
/R3_888B
/R3_888F
/R3_888R
r:
/usr/sap
these are the existing FS permissions:ownerships:
# ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies
6. Ubuntu
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Hi Folks,
Please help me. I am bit struck here.
Here is the OS info.
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
I have a... (17 Replies)
Discussion started by: explorer007
17 Replies
7. UNIX for Advanced & Expert Users
Hello all,
I am using IBM Directory Server (as a part of AIX7 extension pack) in an AIX environment.
To set up the server I use command:
mksecldap -s -a cn=admin -p PWD -S RFC2307AIX -d o=COMPANY -u NONE
Then, to set up IDS clients I use the following (I have 2 mutually replicating servers... (0 Replies)
Discussion started by: Myaso
0 Replies
8. UNIX for Dummies Questions & Answers
I'm trying to use squid to restrict elinks' access to certain websites(only http traffic).
I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :)
---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies
9. What is on Your Mind?
Hello Everyone,
We plan to restrict all RSS news feed access soon based on IP address. This means that if you have a website or application that using our site RSS feeds, you can still do it; but your must register you site in this thread.
So please reply with your IP address of your server... (7 Replies)
Discussion started by: Neo
7 Replies
LEARN ABOUT CENTOS
firewalld.zones
FIREWALLD.ZONES(5) firewalld.zones FIREWALLD.ZONES(5) NAME
firewalld.zones - firewalld zones DESCRIPTION
What is a zone? A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections. The zone defines the firewall features that are enabled in this zone: Predefined services A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also a IPv4 and IPv6 destination address. Ports and protocols Definition of tcp or udp ports, where ports can be a single port or a port range. ICMP blocks Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply to information requests or in error conditions. Masquerading The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation. Forward ports A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host. Rich language rules The rich language extends the elements (service, port, icmp-block, masquerade and forward-port) with additional source and destination addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more information, please have a look at firewalld.richlanguage(5)). For more information on the zone file format, please have a look at firewalld.zone(5). Which zones are available? Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted: drop Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible. block Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible. public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. external For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. dmz For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted. work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. home For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. internal For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted. trusted All network connections are accepted. Which zone should be used? A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted. Select the zone that best matches the network you are using. How to configure or add zones? To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-BUS interface. Or you can create or copy a zone file in one of the configuration directories. /usr/lib/firewalld/zones is used for default and fallback configurations and /etc/firewalld/zones is used for user created and customized configuration files. How to set or change a zone for a connection? The zone is stored into the ifcfg of the connection with ZONE=option. If the option is missing or empty, the default zone set in firewalld is used. If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone. SEE ALSO
firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5), firewalld.zones(5) NOTES
firewalld home page at fedorahosted.org: http://fedorahosted.org/firewalld/ More documentation with examples: http://fedoraproject.org/wiki/FirewallD AUTHORS
Thomas Woerner <twoerner@redhat.com> Developer Jiri Popelka <jpopelka@redhat.com> Developer firewalld 0.3.9 FIREWALLD.ZONES(5)