So I've got a hub and spoke config set up between three sites (Reston, DC, and NY, with DC being the middle site between the other two), currently up and operational (thanks, acomiskey). All is good to go, but I wanted to lock down some ports/services and don't have much experience with access lists.
I'm only going to be doing rsync over TCP port 873 between DC and NY (DC will be doing an rsync pull from NY only). I'd also like to have ICMP for troubleshooting, if possible.
I also wanted to only allow SSH access and ICMP *from* Reston to DC, so the only thing Reston can do is SSH and ping the DC hosts.
Right now Reston can get to NY through DC (hence the hub and spoke). I'd like for that to continue after locking down rsync between DC and NY.
Hope that's not too confusing :) Thanks in advance.
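One way to express that policy, added here as an illustration rather than the poster's own configuration: Cisco IOS-style extended ACLs applied on the DC hub router, which sees every packet between the spokes. The addresses and interface names are assumptions (Reston LAN 10.1.0.0/24, DC LAN 10.2.0.0/24, NY LAN 10.3.0.0/24; Tunnel1 is the hub interface toward Reston, Tunnel2 the one toward NY).

```cisco
! Added example, not the original poster's config. Assumes Cisco IOS
! extended ACLs on the DC hub router and these made-up addresses:
!   Reston LAN 10.1.0.0/24   DC LAN 10.2.0.0/24   NY LAN 10.3.0.0/24
!   Tunnel1 = hub interface toward Reston, Tunnel2 = hub interface toward NY
!
! What Reston is allowed to send into the hub.
ip access-list extended FROM-RESTON
 remark Reston -> DC: SSH and ping (echo request) only
 permit tcp 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255 eq 22
 permit icmp 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255 echo
 remark Reston -> NY transit through DC stays as it is today
 permit ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
 remark everything else is dropped and logged (implicit deny made visible)
 deny ip any any log
!
! What DC is allowed to send toward NY.
ip access-list extended TO-NY
 remark DC initiates the rsync pull: DC -> NY:873
 permit tcp 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255 eq 873
 remark ping both ways between DC and NY
 permit icmp 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255 echo
 permit icmp 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255 echo-reply
 remark Reston -> NY transit
 permit ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
 deny ip any any log
!
! What NY is allowed to send into the hub.
ip access-list extended FROM-NY
 remark NY may only answer the pull: source port 873, ACK or RST set
 permit tcp 10.3.0.0 0.0.0.255 eq 873 10.2.0.0 0.0.0.255 established
 remark ping both ways between DC and NY
 permit icmp 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255 echo
 permit icmp 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255 echo-reply
 remark return traffic for sessions Reston opened to NY
 permit ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny ip any any log
!
interface Tunnel1
 ip access-group FROM-RESTON in
!
interface Tunnel2
 ip access-group TO-NY out
 ip access-group FROM-NY in
```

Two caveats before applying this. Because FROM-RESTON permits nothing from Reston except SSH requests and echo requests, connections that DC hosts open toward Reston will not get their replies back; that matches the stated goal (Reston can only SSH and ping DC), so add a `permit ... established` line only if DC also needs to reach Reston. And if a dynamic routing protocol runs across the tunnels, permit it ahead of the `deny ip any any log` on each list, or the spoke routes will disappear the moment the ACL goes on; with static routes over the tunnels nothing extra is needed. The `established` keyword only checks TCP flags, so the 873 line lets NY send ACK/RST packets but not open new sessions; a stateful firewall feature would be tighter, but plain ACLs are what the question asks about.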