in reply to Monitoring a firewall using ssh (was: Is this possible in Perl?)

dru145 wrote:

Even better, have the secondary firewall ssh (since it is a firewall, I don't want to use telnet) to the primary and test to see if the firewall daemon is running.

This doesn't answer your question, but I would be concerned about even allowing SSH to run on a firewall. Maximum security can be gained by ensuring that a person must be physically present at the firewall to do anything with it. Any time a remote connection is allowed, security is weakened.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.

Re: (Ovid) Re: Is this possible in Perl?
by Beatnik (Parson) on May 31, 2001 at 11:47 UTC
    Of course you can configure your ruleset so SSH connections are only allowed from a certain (local) IP, which kinda minimizes the chances once again :)

    As a personal touch: my firewall box is in my basement, I don't like spending time there a lot :)

    Greetz
    Beatnik
    ... Quidquid perl dictum sit, altum viditur.