cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: Outbound fire-walling for CAcert infrastructure

From: Jan Dittberner <jandd AT cacert.org>
To: Mario Lipinski <mario AT cacert.org>
Cc: cacert-sysadm AT lists.cacert.org
Subject: Re: Outbound fire-walling for CAcert infrastructure
Date: Sun, 8 Jul 2012 01:48:29 +0200

On Sat, Jul 07, 2012 at 03:54:49PM -0700, Mario Lipinski wrote:
> Hi,
>
> today I received a request to disable outbound packet filtering (for a
> host) within CAcert infrastructure.
>
> While I can fully understand the request and personally have not that
> much concerns with outgoing traffic, This restrictive filtering has
> tradition at CAcert.
>
> What do you think about allowing all outbound traffic for some or all
> CAcert infrastructure hosts?

In my opinion outbound traffic is ok, maybe we should restrict it to
some ports (http (80)/https (443)/git (9418)) though. We can ask
sysadmins if they have other ports that might be useful too.

Best regards
Jan

--
Jan Dittberner - CAcert Infrastructure Team
Software Architect, Debian Developer
GPG-key: 4096R/558FB8DD 2009-05-10
B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
http://www.dittberner.info/

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Outbound fire-walling for CAcert infrastructure, Mario Lipinski, 07/07/2012
- Re: Outbound fire-walling for CAcert infrastructure, Jan Dittberner, 07/08/2012
  - Re: Outbound fire-walling for CAcert infrastructure, Mario Lipinski, 07/08/2012
    - Re: Outbound fire-walling for CAcert infrastructure, Ian G, 07/08/2012
      - Re: Outbound fire-walling for CAcert infrastructure, David McIlwraith, 07/09/2012
- Re: Outbound fire-walling for CAcert infrastructure, Wytze van der Raay, 07/08/2012
  - Re: Outbound fire-walling for CAcert infrastructure, Mario Lipinski, 07/08/2012
    - Re: Outbound fire-walling for CAcert infrastructure, David McIlwraith, 07/09/2012