<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Well, to the best of my knowledge, Apache won’t respond to an
IPv6 request, unless you explicitly bind to an IPv6 address. Binding to
0.0.0.0 won’t allow IPv6 requests to be processed. You can setup multiple bind
directives in the configuration statements.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Nick <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Richard Houser
[mailto:rick@divinesymphony.net] <br>
<b>Sent:</b> Monday, November 17, 2008 11:23 PM<br>
<b>To:</b> Nicholas Kwiatkowski<br>
<b>Cc:</b> Karl Schuttler; linux-user@egr.msu.edu<br>
<b>Subject:</b> Re: [GLLUG] iptables rules<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>I'm really slow in replying,
but I recommend you do both. After all, we should always be doing
security in layers, right? Without the default listen rule, what happens
when you add a second IPv6 address or enable IPv6?<o:p></o:p></p>
<div>
<p class=MsoNormal>On Tue, Nov 4, 2008 at 12:54 PM, Nicholas Kwiatkowski <<a
href="mailto:kwiatk27@msu.edu">kwiatk27@msu.edu</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal>Why not just bind the web server to <a
href="http://127.0.0.1:80" target="_blank">127.0.0.1:80</a> instead of <a
href="http://0.0.0.0:80" target="_blank">0.0.0.0:80</a> ??<br>
<br>
-Nick Kwiatkowski<br>
MSU Telecom Systems<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal><br>
-----Original Message-----<br>
From: <a href="mailto:linux-user-bounces@egr.msu.edu">linux-user-bounces@egr.msu.edu</a>
[mailto:<a href="mailto:linux-user-bounces@egr.msu.edu">linux-user-bounces@egr.msu.edu</a>]<br>
On Behalf Of Karl Schuttler<br>
Sent: Tuesday, November 04, 2008 11:57 AM<br>
To: <a href="mailto:linux-user@egr.msu.edu">linux-user@egr.msu.edu</a><br>
Subject: [GLLUG] iptables rules<br>
<br>
Hello all; I have a server that I want to enable access to port 80 to<br>
only through loopback (I want to force the user to ssh port forward<br>
instead of hitting it through the web. I currently am dropping inbound<br>
port 80 packets, which also disables my ability to port forward. What<br>
do i need to do to make this work; add an allow rule for loopback or<br>
something?<br>
_______________________________________________<br>
linux-user mailing list<br>
<a href="mailto:linux-user@egr.msu.edu">linux-user@egr.msu.edu</a><br>
<a href="http://mailman.egr.msu.edu/mailman/listinfo/linux-user" target="_blank">http://mailman.egr.msu.edu/mailman/listinfo/linux-user</a><br>
<br>
_______________________________________________<br>
linux-user mailing list<br>
<a href="mailto:linux-user@egr.msu.edu">linux-user@egr.msu.edu</a><br>
<a href="http://mailman.egr.msu.edu/mailman/listinfo/linux-user" target="_blank">http://mailman.egr.msu.edu/mailman/listinfo/linux-user</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>