Topic: Create pinhole in Firewall

[smeerbartje]

At the excellent Wiki pages, I see this page which describes how to make a pinhole in the firewall in order to run certain deamons on the server itself. Is this better then adding a portforward for the same port to 127.0.0.1... which also does the job.

[cactus]

At the excellent Wiki pages, I see this page which describes how to make a pinhole in the firewall in order to run certain deamons on the server itself. Is this better then adding a portforward for the same port to 127.0.0.1... which also does the job.

This is the advised way (as you are quoting the developers guide, the guideline for development of SME Server) for public services running on the server itself, port forwards are a work around for it IMHO if they are pointing to localhost.

[smeerbartje]

Okay, thanks for your quick reply. But is it possible to retrieve a list of all pinholed rules?

[mmccarn]

Raw dump of configuration database for all services:

Code: [Select]

db configuration print | grep "=service"
List of service names for all services that have "access=public" and "status=enabled":

Code: [Select]

db configuration print |awk -F"[=|]" '/\=service.*public.*enabled/  {print $1}'
Raw dump of configuration database for public, enabled services:

Code: [Select]

db configuration print |awk -F"[=|]" '/\=service.*public.*enabled/  {print $_}'

[smeerbartje]

Cool, thanks!!