Hello,
I would like to reinforce tftp security.
As a first step, is it possible to integrate geoip into third lane (the ISO version)? That way, we can automatically block some countries (or only authorize some countries, which seems the best way).
Second, is it possible to allow access to the tftp server only from some of our customers' IPs?
Regards
Matt
Submitted by eeman on Sun, 09/25/2011
Use the iptables rules the way they were intended; see /etc/sysconfig/iptables.
Edit the file manually and set the source subnets. TFTP is just as secure as http(s). As long as someone does not know the name of the file to fetch, they won't retrieve your config file. An un-hardened http server is less secure than that, as they would allow indexing.
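One way to produce the source-subnet rules for /etc/sysconfig/iptables mentioned in the reply above, as an added example that is not part of the original thread. The chain name `INPUT`, the function names and the sample subnets (documentation ranges) are assumptions; the script only prints rule lines and never touches the running firewall.

```shell
#!/bin/sh
# Added example: print /etc/sysconfig/iptables rule lines that limit TFTP
# (UDP port 69) to a list of customer source subnets and drop everyone else.
# Paste the output above the file's final REJECT rule and COMMIT line.
# Assumption: the existing ruleset already accepts ESTABLISHED,RELATED traffic.

# Succeed only if $1 is a dotted-quad IPv4 address, optionally with /0../32.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_cidr() (
    case $1 in ''|*[!0-9./]*) exit 1 ;; esac
    ip=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: tftp_rules CHAIN SUBNET...
# Validates every subnet first and prints nothing if any entry is malformed,
# so a typo can never yield a partial allow-list.
tftp_rules() {
    chain=$1; shift
    for net in "$@"; do
        if ! valid_cidr "$net"; then
            printf '%s\n' "invalid subnet, no rules emitted: $net" >&2
            return 1
        fi
    done
    for net in "$@"; do
        printf '%s\n' "-A $chain -s $net -p udp -m udp --dport 69 -j ACCEPT"
    done
    # Everything not matched above is dropped before it reaches the TFTP daemon.
    printf '%s\n' "-A $chain -p udp -m udp --dport 69 -j DROP"
}

# Constructed sample input: two customer ranges from the documentation blocks.
tftp_rules INPUT 203.0.113.0/24 198.51.100.17
```
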