[Dshield] Active Directory Firewall rules

dave brookshire dsb at parapet.net
Mon Aug 29 22:28:22 GMT 2005


If the AD servers are configured to be in different "sites" you can
choose "SMTP" as the Inter-site transport and permit only SMTP traffic
between the two servers. That's the theory, at least.

My $0.02.

-db

warwick ackfin wrote:

>Greetings all -
>
>    I'm being told by someone higher than I in the AD food chain here
>at Ivory Towers Inc that I have to add a rule in my firewall that says
>ROOT_DC ANY to MY_DC ANY.  Now, color me ignorant, but I thought AD
>traffic used a FINITE group of ports (actually I'm being kind... I
>thought it was only tcp445).  Why should I open everything to these
>people?
>
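As an added illustration of the site-based setup Dave describes (not part of the thread, and not an official Microsoft recipe): put each DC in its own site, link the sites with the SMTP inter-site transport, and replace the "ROOT_DC ANY to MY_DC ANY" rule with one that admits only SMTP from ROOT_DC. The site names, subnets and the ROOT_DC address are assumptions for illustration.

```powershell
# Added example, not from the original thread.
# Assumed values: site names, the two /24 subnets, and 10.0.1.10 as ROOT_DC.
Import-Module ActiveDirectory

# One site per DC, so the two DCs talk over an inter-site link rather than intra-site RPC
New-ADReplicationSite -Name "Root-Site"
New-ADReplicationSite -Name "My-Site"
New-ADReplicationSubnet -Name "10.0.1.0/24" -Site "Root-Site"   # assumed subnet of ROOT_DC
New-ADReplicationSubnet -Name "10.0.2.0/24" -Site "My-Site"     # assumed subnet of MY_DC

# Site link using SMTP (not IP/RPC) as the inter-site transport
New-ADReplicationSiteLink -Name "Root-to-My-SMTP" `
    -SitesIncluded "Root-Site", "My-Site" `
    -InterSiteTransportProtocol SMTP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 180

# On MY_DC's host firewall: allow only TCP/25 from ROOT_DC instead of "ROOT_DC ANY"
New-NetFirewallRule -DisplayName "AD inter-site SMTP from ROOT_DC" `
    -Direction Inbound -Protocol TCP -LocalPort 25 `
    -RemoteAddress "10.0.1.10" -Action Allow
```

The caveat behind "that's the theory": the SMTP transport carries only the schema, configuration and application partitions and needs certificates from an enterprise CA, so two DCs of the same domain still require an IP link for the domain partition.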
