If you're using Push with a connector that needs to access your systems directly, you may need to modify your firewall configuration to allow connections from the following IP ranges:
Basic security precautions
- Always use a firewall to block traffic from addresses other than the ones listed on this page, your own network, or your own IP, You have a number of choices, both commerical and Open Source. If you are using Linux you will want to learn about using iptables. Users of BSD systems should read documentation for ipfw and pf. Mac OS X users should read relevant information about ipfw. Hosting companies may provide firewall protection at an additional cost. Amazon AWS offers a basic, but adequate firewall at no additional cost. All you have to do to open a port is edit the Security Group settings.
- Only open access to ports required to receive data and log in to the machine for maintenance purposes.
- Do not configure servers to listen for incoming traffic on any address (0.0.0.0). This is just a quick fix to help you quickly set up a server, but it is not a good idea for production servers.
- Use a stateful firewall. A stateful firewall can tell which outbound packets are being sent in response to inbound requests and lets them pass without you having to write additional rules. Stateless firewalls need two sets of rules, for inbound and outbound packets.
- Whenever connectors and servers support it, use SSL to encrypt connections.