A new subnet for GeekISP

Looks like I’ll be moving GeekISP to its own /27, with 29 whole IPs. Oh the excitement.

Mostly as a result of the increasing number of SSH brute-force attacks (i.e. scans, etc), I’d like to have a proper firewall in front of all my servers, since not all are upgraded on the same schedule, and so not all have the latest features of PF.

This also lets me specify some security policies that let me reduce the chance of misconfiguring things - like specifying that any connection to an outbound host on port 25 (SMTP) must originate from my mail servers.
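One way to express the outbound-SMTP policy in pf.conf, as an added example that is not from the original post. The interface name and the addresses (documentation range) are placeholders, and it assumes a PF version where pass rules keep state by default.

```conf
# Constructed example: $int_if and the table contents are placeholders.
int_if = "em1"        # assumed: firewall interface facing the servers

# Only these hosts are allowed to originate SMTP.
table <mailservers> const { 192.0.2.25, 192.0.2.26 }

# Mail servers may open connections to port 25 on any host.
pass in quick on $int_if inet proto tcp from <mailservers> to any port 25

# Any other server that tries is dropped and logged, so a misconfigured
# or compromised host shows up in the log instead of sending mail.
block in log quick on $int_if inet proto tcp from any to any port 25

# Review blocked attempts with:
#   tcpdump -n -e -ttt -i pflog0 port 25
```

Because both rules use `quick`, order matters: the pass rule for `<mailservers>` must come before the block rule.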

I’ve already got the allocation from Gotham, now it’s just a matter of ordering my Soekris boxes and some CF cards…
