Controlling memcached access with ufw

Simon Males sime at sime.net.au
Wed Aug 24 13:53:29 UTC 2011


(read: 'Securing' memcached)

I hope to cluster memcached. The network is untrusted and I must
restrict the allowed clients. So this is my first attempt at
firewalling.

I've switched ufw's DEFAULT_INPUT_POLICY to ACCEPT as there is no
current firewall. Next I added two clients which have explicit access
to port 11212, followed by a catch-all DENY to 11212.

# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
11212                      ALLOW IN    192.168.1.102
11212                      ALLOW IN    192.168.1.103
11212                      DENY IN     Anywhere
11212                      DENY IN     Anywhere (v6)

Does this sound like a decent attempt at locking down memcached?

Additionally, with the above rules, could I create an application
profile? Ideally there will be multiple memcached servers, and I would
like to version control the profile.

-- 
Simon Males
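
The application-profile question above, as an added example that is not part of the original post: a script that renders a ufw application profile for port 11212 and the matching rule commands, with the per-client allows ahead of the catch-all deny. The profile name Memcached, the title and description text and the function names are assumptions; the port and client addresses come from the post.

```shell
#!/bin/sh
# Added example: render a ufw application profile and the rule commands for it.
# PROFILE_NAME, the title/description text and the function names are assumptions;
# port 11212 and the client addresses in the usage lines are taken from the post.

PROFILE_NAME="Memcached"
MEMCACHED_PORT="11212"

# Print the profile in the INI format ufw reads from /etc/ufw/applications.d/.
# A port with no protocol suffix covers both TCP and UDP, like the rules in the post.
render_profile() {
    printf '[%s]\n' "$PROFILE_NAME"
    printf 'title=memcached cluster node\n'
    printf 'description=memcached, restricted to listed clients\n'
    printf 'ports=%s\n' "$MEMCACHED_PORT"
}

# Shape check only: dotted-quad IPv4, optionally with a /prefix.
# Rejects anything with spaces or shell metacharacters before it reaches a command line.
valid_client() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print the ufw commands: one allow per client, then the catch-all deny.
# ufw evaluates rules in order, so the deny has to come last.
render_rules() {
    for client in "$@"; do
        if ! valid_client "$client"; then
            echo "invalid client address: $client" >&2
            return 1
        fi
    done
    for client in "$@"; do
        printf 'ufw allow from %s to any app %s\n' "$client" "$PROFILE_NAME"
    done
    printf 'ufw deny from any to any app %s\n' "$PROFILE_NAME"
}

# Usage (prints only; nothing is applied to the firewall):
#   render_profile > memcached        # commit this file to version control
#   render_rules 192.168.1.102 192.168.1.103
```

The rendered profile file goes in /etc/ufw/applications.d/ on each memcached server; the printed commands can be reviewed before they are run as root.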



