Cert and pass phrase

> You know how to do that on Linux? Or do you have a resource? Well, typically that's the kind of thing I might have done at the external gateway, rather than on the box itself. But I'm sure you can do that sort of thing with iptables/ipchains. You really just want to create network access policies that deny all traffic except for the specific things you want to allow - inbound HTTP/HTTPS, inbound SSH from specific networks (assuming you're using SSH to manage the box remotely), outbound to the specific places you go to install patches, etc, outbound HTTP/S to any specific web services you need to invoke, outbound DNS to your local resolver. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.