with vpn, leave only 80 and 443 open, if those are the only publicly available ports you need, and use the vpn to access everything else. a large ny file won't slow anything, but i would advise against manually editing it to the point it gets large, anyway.Īnother option is a hardware firewall (standalone appliance or something like iptables or pf running on linux, freebsd, openbsd, etc.) that also offers vpn access. at the worst, i can always hop through one of the safe hosts to the client server if needed.
Osx block adobe connections for mac osx#
Adobe CS6 Master Collection for Mac OSX : Mac OS - : La.
while disconnected from the net (or block. of course, make sure your hosts file is patched. Adobe CS6 Master Collection for Mac OSX (with crack) - P2P - 6.6GB Adobe. for servers i administer, i usually deal with this at the firewall level and then supplement rules with a deny all for sshd, only allowing ssh access from certain hosts (like my home network or the office, etc.) that should be safe. CS5 Master Collection with Guide To Block. I don't believe making any changes to the tcpwrappers config files will affect httpd configuration.Īlso, adding denied hosts manually is like fighting against the tide. doing either shouldn't have any effect on server admin usage. I'd still recommend having a separate physical firewall handling security, though.Īt least for ssh, you can port forward or run the service on another high port to eliminate most, if not all, of your ssh dictionary attack attempts. The built in "adaptive firewall" on 10.5 server does what you describe. That would be enough for me, since I can see the same IPs making dozens of attempts, cycling through common user names and using dictionary attacks.
Ideally, I would like it if OS X would automatically block an IP after it makes 5 failed attempts at SSH authentication. But maybe ny and hosts.allow are OK to edit?Īnother question is, by using a fairly large ny file to deal with the majority of hacking attempts, will that significantly slow down the server? I guess my question is, is using ny or hosts.allow (adding, editing) these files a good practice on 10.4.11 when using Server Admin? Since Server Admin seems to like to take care of a lot of configuration itself (nf), and manually editing certain files can at times create problems. I may need to ssh to the server from elsewhere. That's good advice for some situations, but the few ports I have open in the firewall (I'm using the OS X 10.4.11 Firewall -> public Internet, no router or hardware firewall in-between), including 80, 443 and 22 need to be relatively open.