New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request #5

Closed
TorstenJahnke opened this Issue Nov 27, 2017 · 7 comments

Comments

Projects
None yet
3 participants
@TorstenJahnke
Copy link

TorstenJahnke commented Nov 27, 2017

Hi!

Is it possible to add a switch which disable the entire logging and statistic website?

@kvic-z

This comment has been minimized.

Copy link
Owner

kvic-z commented Nov 30, 2017

Pls check out '-l 0' which is near nothing other than the first few lines on startup that tells what ports pixelserv-tls listen.

@TorstenJahnke

This comment has been minimized.

Copy link
Author

TorstenJahnke commented Nov 30, 2017

Thanks a lot!!! It's running and I need one more day for more.
Keep you informed...

@kvic-z

This comment has been minimized.

Copy link
Owner

kvic-z commented Mar 5, 2018

I plan to add an "admin" port where, if specified from command line, pixelserv-tls will only answer to admin commands such as "log" and "servstats". With this "admin" port, users can easily filter who can access e.g. through iptables.

Any thought?

@TorstenJahnke

This comment has been minimized.

Copy link
Author

TorstenJahnke commented Mar 5, 2018

As long as you keep the option to disable this logging alive I'm fine with it.
For debugging and testing it's a real usefull feature. Great idea :)

@kvic-z

This comment has been minimized.

Copy link
Owner

kvic-z commented Mar 8, 2018

A new feature "admin" port is added in this commit :)

@decoderman

This comment has been minimized.

Copy link

decoderman commented Mar 8, 2018

-A just sets the port to a set number, but there's no authentication, even if set.
Is that to obscure it? A port sniffer would still pick it up I guess.

@TorstenJahnke

This comment has been minimized.

Copy link
Author

TorstenJahnke commented Mar 8, 2018

Disable Port Scan can be done with IP Tables:

IPTABLES -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

IPTABLES -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
IPTABLES -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

@kvic-z kvic-z closed this Mar 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment