Re: Firewall Security Requirements for Postgresql Access - Mailing list pgsql-general

From Randy Yates
Subject Re: Firewall Security Requirements for Postgresql Access
Date
Msg-id vfepmp2f.fsf@ieee.org
Whole thread Raw
In response to Re: Firewall Security Requirements for Postgresql Access  (Gaetano Mendola <mendola@bigfoot.com>)
Responses Re: Firewall Security Requirements for Postgresql Access
List pgsql-general
bench@silentmedia.com (Ben) writes:

> Well, R/W doesn't make much sense for TCP.... incoming/outgoing SYN
> packets make more sense, and if the database is located outside the
> firewall, you really only need to allow outgoing SYN packets on the port
> (as well as packets related to that session, of course).

Are you suggesting that the firewall be configured so that the only
outgoing packets allowed through are ones with the SYN bit set in the
CODE BITS field of the TCP header? I'm fairly ignorant on protocol
matters, and I don't understand why one would single out these types
of TCP segments.  Could you please expound?
--
%  Randy Yates                  % "Bird, on the wing,
%% Fuquay-Varina, NC            %   goes floating by
%%% 919-577-9882                %   but there's a teardrop in his eye..."
%%%% <yates@ieee.org>           % 'One Summer Dream', *Face The Music*, ELO
http://home.earthlink.net/~yatescr

pgsql-general by date:

Previous
From: Randy Yates
Date:
Subject: Firewall Security Requirements for Postgresql Access
Next
From: Randy Yates
Date:
Subject: Re: Another Security Question: User-based Roles vs. Application