On Sun, 2003-08-03 at 22:54, Louis Garcia wrote:
> 111/tcp open sunrpc
> 6000/tcp open X11
> Should these be open by default?
Whether they are open or not is irrelevant if you are truly running a
"default" configuration.
By "default" on severn and below you get a "medium" firewall.
On whatever-name-is-next and above, by default you get an "enabled"
firewall.
Old:
medium/high/disabled
New:
enabled/disabled
What's the difference?
I wrote a patch that implements a stateful ruleset instead of the
previous non-stateful ruleset. This was accepted and is now in rawhide.
The end result:
1. Better security than the previous "high".
2. No breakage of *anything* initiated by the host.
Details:
By default, your "enabled" firewall enables others to ping you; ALL other
unsolicited traffic to your box is rejected.
If your box initiates an outbound connection (ping, SSH, NFS, NIS, RPC, X11),
*inbound* packets that are part of, and related to, those connections
are allowed.
Using lokkit or redhat-config-securitylevel you can of course define
"trusted" interfaces and/or allowed *inbound* protocols
(SSH, TELNET, etc.). This way you can selectively allow others to connect
to your box.
Nifty, eh? This is made possible by the stateful rules.
Dax Kelson
Guru Labs
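The ruleset Dax describes (ping allowed in, inbound packets belonging to host-initiated connections allowed, everything else rejected, with optional trusted interfaces and allowed inbound services layered on top) can be written down as a small iptables-restore file. The generator below is an added example for this thread, not Dax's patch or lokkit's actual output: the chain name RH-Firewall-1-INPUT, the loopback accept rule, the `--reject-with icmp-host-prohibited` reject type and the rule order are assumptions, and the trusted-interface and port arguments stand in for the choices you would make in lokkit or redhat-config-securitylevel.

```shell
#!/bin/sh
# Added example (not from the original message): emit a stateful INPUT
# ruleset in iptables-restore format, in the spirit of the "enabled"
# firewall described above.
#
# gen_ruleset TRUSTED_IFACES ALLOWED_SERVICES
#   TRUSTED_IFACES:   space-separated interface names, may be empty ("eth1")
#   ALLOWED_SERVICES: space-separated proto:port entries, may be empty
#                     ("tcp:22 tcp:23" for SSH and TELNET)
# The chain name, loopback rule and reject type are assumptions, chosen to
# resemble Red Hat's layout of the time rather than copied from it.
gen_ruleset() {
    trusted="$1"
    allowed="$2"

    # Fixed preamble: hand INPUT and FORWARD to one filtering chain.
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
EOF

    # Loopback: local clients connecting to local services (e.g. X11 on
    # 6000/tcp) arrive as NEW packets on lo and would otherwise be rejected.
    # (Assumption: the message does not mention loopback explicitly.)
    echo "-A RH-Firewall-1-INPUT -i lo -j ACCEPT"

    # "Enables others to ping you": only echo-request, not all ICMP.
    echo "-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j ACCEPT"

    # The stateful core: inbound packets that belong to, or are related to,
    # a connection this host initiated are accepted regardless of protocol.
    # This is what keeps outbound ping/SSH/NFS/NIS/RPC/X11 working.
    echo "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Trusted interfaces: everything arriving on them is accepted.
    for iface in $trusted; do
        echo "-A RH-Firewall-1-INPUT -i $iface -j ACCEPT"
    done

    # Selectively allowed inbound services: new connections to these ports.
    for svc in $allowed; do
        proto=${svc%%:*}
        port=${svc#*:}
        echo "-A RH-Firewall-1-INPUT -m state --state NEW -p $proto --dport $port -j ACCEPT"
    done

    # Everything else unsolicited is rejected (not silently dropped).
    cat <<'EOF'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Example: trust eth1, and allow SSH in from anywhere.
gen_ruleset "eth1" "tcp:22"
```

Save the output to a file and load it with `iptables-restore < file` (as root); with no trusted interfaces and no allowed services the result is the plain "enabled" policy, where sunrpc on 111/tcp and X11 on 6000/tcp may still be listening locally but nothing from the network can open a new connection to them.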