Does the firewall apply also for the serial MGT?

Hi!

I would like to configure IPF. I'm using a V240 with a HyperTerminal cabled into the special SERIAL MGT port (RJ-45) of the server.

My question is: does the firewall apply also for the serial MGT port?

Because Im not directly working on the server with keybord and monitor, Im worried about not beeing abble to get to the server again in case that I make a mistake with the Firewalls configuration!

Is this SERIAL MGT port to be seen like a normal serial port or to be seen like a LAN port?

Does the firewalls configuration has to be loaded every time you boot (like in Linux)?

Thanks for your help.

XpucTo

[669 byte] By [XpucTo] at [2007-11-25 22:49:25]
# 1

When configuring a firewall on any UNIX or Linux system with a network management port, the rules should be defined so that the traffic on the private management network interface is free to accept remote access applications such as telnet, ssh or rlogin. These rules are normally initialized when the system is booted. On many commercial networks, network management interfaces are attached to a private network without a route to a public network, such as the Internet; this will completely eliminate the possibility of the system being compromised by an external host.

mlennon at 2007-7-5 17:04:53 > top of Java-index,Sun Hardware,Servers - General Discussion...
# 2

m-lennon wrote on Sat, 28 January 2006 06:46:

> These rules are normally initialized when the system is booted.

Well, I just found the following explanation in the Sun documentation:

"Solaris IP Filter uses the packet filtering rules that you put into the ipf.conf file. If you locate the rules file for packet filtering in the /etc/ipf/ipf.conf file, this file is loaded when the system is booted. If you do not want the filtering rules to be loaded at boot time, put them in a file of your choice. You can then activate the rules with the ipf command."

So I guess there would be the possibility to try the rules and to reboot in case the rules don't allow any connection anymore.

m-lennon wrote on Sat, 28 January 2006 06:46:

> On many commercial networks, network management interfaces are attached to a private network without a route to a public network, such as the Internet; this will completely eliminate the possibility of the system being compromised by an external host.

But what does it mean for my concrete question?! Do I have to define a special rule for the serial MGT port? I would tend to think no, because this port isn't a network card, and I would tend to think that it could be considered like a keyboard. But of course I'd like to be sure about it.

XpucTo

XpucTo at 2007-7-5 17:04:53
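Added example, not part of the thread: before loading a candidate rules file with the ipf command, you can check offline whether it would still admit your remote session. IP Filter applies the last matching rule unless a matching rule carries `quick`, which differs from first-match firewalls. The sketch below evaluates only a small subset of the ipf.conf grammar; the interface name `bge0`, port 22 and both rule sets are assumptions constructed for illustration.

```python
import re

# Subset of ipf.conf syntax handled here (assumption: "from any to any" only).
RULE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:all|from\s+any\s+to\s+any(?:\s+port\s*=\s*(?P<port>\d+))?)"
    r"(?:\s+keep\s+state)?$"
)

def parse(text):
    """Parse rule lines; refuse anything outside the supported subset."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rules.append(m.groupdict())
    return rules

def verdict(rules, direction, iface, proto, port):
    """Return 'pass' or 'block' for one packet: last match wins, 'quick' stops."""
    result = "pass"  # assumed stock default when no rule matches
    for r in rules:
        if r["dir"] != direction:
            continue
        if r["iface"] and r["iface"] != iface:
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if r["port"] and int(r["port"]) != port:
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

# Constructed rule sets: same two rules, different order.
SAFE = """
block in all
pass in quick on bge0 proto tcp from any to any port = 22 keep state
"""
LOCKOUT = """
pass in on bge0 proto tcp from any to any port = 22 keep state
block in all   # matches later, so it overrides the pass above
"""

if __name__ == "__main__":
    for name, text in (("SAFE", SAFE), ("LOCKOUT", LOCKOUT)):
        print(name, verdict(parse(text), "in", "bge0", "tcp", 22))
```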
# 3
I made a mistake here, I was thinking that you were talking about a Network management port!
mlennon at 2007-7-5 17:04:53
# 4
Just as in another forum. Serial is serial, networking is networking: http://www.linuxquestions.org/questions/showthread.php?t=408873
rukbat at 2007-7-5 17:04:53
# 5

The V240 has a network management interface and that is what I assumed was being used here. I stand over my last post, but when the serial port is being used, there are no rules applied by the firewall software to that interface, as a serial port is usually connected to another serial device (terminal server or host serial port); firewalls are used to protect network interfaces. Thanks rukbat, I have a habit of glancing at some of these threads and I sometimes make mistakes. I guess I should take these threads more seriously or ignore them!!

mlennon at 2007-7-5 17:04:53