On Thu, 04 Jan 2018 19:45:44 +0000, The Natural Philosopher wrote:
> Basically I have unlimited access from my (fixed) home address - I had
> opened ssh up so I could access it from abroad, but I am back home now,
> so I have shut the lot down.
>
Fair comment
> Now the only globally open ports are smtp, ssmtp, pop3, http and https.
> And one other I won't mention.
>
> ACCEPT tcp -- anywhere anywhere tcp dpt:www
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
> ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
> ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
> ACCEPT tcp -- anywhere anywhere tcp dpt:https
> ACCEPT tcp -- anywhere anywhere tcp dpt:xxxxx
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> On the internet the default should always be 'only let in what you
> absolutely need, and then only once you have worked out how to hack it,
> and blocked that too'
>
Most of these are obvious and sensible given that you're running a
webserver and, presumably, a mailserver that accepts SMTP connections.
Indeed, but one has me curious: why is pop3 open?
I assume you're running a public or semi-public POP3 server, since using
it to collect mail from an ISP doesn't require an externally accessible
POP3 port.
--
Martin | martin at
Gregorie | gregorie
| dot org