Controlling memcached access with ufw
Simon Males
sime at sime.net.au
Wed Aug 24 13:53:29 UTC 2011
(read: 'Securing' memcached)

I hope to cluster memcached. The network is untrusted and I must
restrict the allowed clients. So this is my first attempt at
firewalling.

I've switched ufw's DEFAULT_INPUT_POLICY to ACCEPT as there is no
current firewall. Next I added two clients which have explicit access
to port 11212, followed by a catch-all DENY to 11212.

# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
11212                      ALLOW IN    192.168.1.102
11212                      ALLOW IN    192.168.1.103
11212                      DENY IN     Anywhere
11212                      DENY IN     Anywhere (v6)

Does this sound like a decent attempt at locking down memcached?

Additionally, with the above rules, could I create an application
profile? Ideally there will be multiple memcached servers, and I would
like to version control the profile.

--
Simon Males
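
A check for the rule set described in the post, as an added example that is not part of the original message: ufw evaluates rules in order and the first match wins, so with a default incoming policy of allow the allow-list only holds if every ALLOW precedes a catch-all DENY for both IPv4 and IPv6. The function name `audit_port` and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the shape `ufw status verbose` prints, mirroring the post's rules.
SAMPLE = """\
Status: active
Default: allow (incoming), allow (outgoing)

To                         Action      From
--                         ------      ----
11212                      ALLOW IN    192.168.1.102
11212                      ALLOW IN    192.168.1.103
11212                      DENY IN     Anywhere
11212                      DENY IN     Anywhere (v6)
"""

RULE = re.compile(r"^(\S+)(?: \(v6\))?\s+(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+?)\s*$")

def audit_port(status_text, port):
    """Return a list of findings for `port`; an empty list means the allow-list holds."""
    findings = []
    default = re.search(r"^Default: (\w+) \(incoming\)", status_text, re.M)
    # Assumption: if the policy line is missing, treat the default as allow.
    default_open = default is None or default.group(1) == "allow"
    closed = {"v4": False, "v6": False}  # catch-all DENY/REJECT seen so far, per family
    for line in status_text.splitlines():
        m = RULE.match(line)
        if not m or m.group(1).split("/")[0] != str(port):
            continue
        action, source = m.group(2), m.group(3)
        family = "v6" if "(v6)" in line or ":" in source else "v4"
        catch_all = source.startswith("Anywhere")
        if action in ("DENY", "REJECT") and catch_all:
            closed[family] = True
        elif action in ("ALLOW", "LIMIT"):
            if closed[family]:
                # ufw stops at the first matching rule, so this one is never reached
                findings.append(f"{source}: allow listed after catch-all deny, never matches")
            elif catch_all:
                findings.append(f"{family}: port {port} allowed from anywhere")
    for family, is_closed in closed.items():
        if default_open and not is_closed:
            findings.append(f"{family}: default is allow and no catch-all deny for port {port}")
    return findings

if __name__ == "__main__":
    print(audit_port(SAMPLE, 11212) or "allow-list holds")
```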