Made to Order Software Corporation Logo

service

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Here is yet another example of why opensource is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthousiast users. On Github, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

Order Made!® -- Restaurant software for online Customer orders

$30.00

Order Made!® LogoOrder Made!® Restaurant software for online Customer orders that's Customer and Restaurant friendly. Increase sales and profits by launching your restaurant into the 21st Century.

Choose how your customers can pay you. Edit your menu daily: change your prices, add specials, etc. Use our online newsletter to keep your customers informed of your specials. Order Made! is truly an advanced online ordering system.

$30.00

Terms & Condition Agreement

By creating an account with us, you agree on our terms and conditions. Everyone is welcome to create an account. If you are under 18 or the legal age in your country to use a credit card, you must ask your parents or guardian permission to purchase any software or service from us. If you have any question, feel free to contact us.

Our 30 Day Money-Back Guarantee

Our goal is to offer great service with effective, robust software. We are so confident that you will enjoy our products that we offer a 30-day money-back guarantee.

If you are dissatisfied with a software purchase, contact us within 30 days; if we can't make it right, we will assist you in deleting the installed software and refund your purchase price. To get your refund, please log in to your account and fill out our secure return form with an explanation of your dissatisfaction. We will refund your purchase price upon receipt.

Ensure your protection with our guarantee by reporting any ...

Terms & Conditions

Made to Order Software Corporation
Terms and Conditions for the Online Services
offered by Made to Order Software Corporation

This Agreement ("Agreement") is by and between Made to Order Software Corporation ("m2osw") a Californian Corporation and You, your heirs, your agents, successors and assigns ("You" and "Your"), and is made effective as of the date of electronic execution, which is when you register for an electronic account to use the Web site of m2osw. This Agreement sets forth the terms and conditions of Your use of the Online Services ...

McAfee to acquire MX Logic, but...

Today I read that McAfee is to acquire MX Logic (was http://mxlogic.net/).

I may have heard of MX Logic before, but the reason why I went to their website today is because I had multiple connections from their mail service to my mail system.

So I quickly checked out the MX Logic website to see what that company is about...

With proprietary technologies, a global security platform and a comprehensive suite of online solutions, MX Logic serves organizations worldwide to eliminate online threats and protect the integrity of their business communications.

They are selling ...

Business Solutions

CRM and ERP solutions

At Made to Order Software we think that using Open Source software is an incredible leverage for our customers. Plain and simple: if the software is free, you do not need to pay for it. You only need to pay us for installing the software and training you on how to use it.

We currently offer three solutions: Compiere ERP & CRM, SugarCRM and X-Tuple ERP.

Your Privacy

Use of Made to Order Software Corp. website

The following is our policy for the use, by you, of our website. We log a lot of information and we do not have any specific policy in place for when such data will be deleted. Financial related data is kept for a minimum of 10 years.

In all cases, we keep:

  • Your IP address and corresponding host name at the time of your connections.
  • Your browser information (name, version, computer type, etc.)
  • Save cookies in your browser.
  • Run JavaScript code on your computer.
  • The referrer URL.
  • The time and date of all ...

About Us

Here you will find a few of the software solutions that have been made possible by Made to Order Software Corporation. Feel free to contact us for more information.

Snap! Websites

Made to Order Software created Snap! Websites, a CMS system, which allows customers to create their own websites, hosted on our servers.

The new version of Snap! is actually Open Source. You can find more information about Snap! Websites Open Source on the Snap! Website a C+ CMS website.

A few customers using our old Snap! offer include:

Order ...