#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT #-A RH-Firewall-1-INPUT -p 51 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
These lines are in /etc/sysconfig/iptables by default. Is there a way with the GUI interface to remove them from the iptables setup? Why are they enabled by default? Port 50 has no entry in /etc/services, what is it for?
Thanks very much,
On 9/27/07, Knute Johnson knute@frazmtn.com wrote:
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT #-A RH-Firewall-1-INPUT -p 51 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
These lines are in /etc/sysconfig/iptables by default. Is there a way with the GUI interface to remove them from the iptables setup? Why are they enabled by default? Port 50 has no entry in /etc/services, what is it for?
Thanks very much,
-- Knute Johnson Molon Labe...
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
All ports info: http://www.iana.org/assignments/port-numbers
re-mail-ck 50/tcp Remote Mail Checking Protocol re-mail-ck 50/udp Remote Mail Checking Protocol # Steve Dorner <s-dorner&UIUC.EDU> la-maint 51/tcp IMP Logical Address Maintenance la-maint 51/udp IMP Logical Address Maintenance
find the others there.
On 9/27/07, Knute Johnson knute@frazmtn.com wrote:
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT #-A RH-Firewall-1-INPUT -p 51 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
I know that but what I want to know is why is it there and can I get rid of it with the GUI maintenance tool?
Thanks,
On 9/27/07, Knute Johnson knute@frazmtn.com wrote:
On 9/27/07, Knute Johnson knute@frazmtn.com wrote:
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT #-A RH-Firewall-1-INPUT -p 51 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT #-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT #-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
I know that but what I want to know is why is it there and can I get rid of it with the GUI maintenance tool?
Thanks,
-- Knute Johnson Molon Labe...
I was addressing your question "Port 50 has no entry in /etc/services, what is it for?" Sorry, I don't know about the gui --I normally use a bunch of commands for this. Why are they there? Well if at install time I chose to enable SSH and Mail in the firewall section, then ports 22 and 25 will appeared enabled in the iptables files.
~Aldo.
Knute Johnson kirjoitti viestissään (lähetysaika perjantai, 28. syyskuuta 2007):
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
Why are they enabled by default? Port 50 has no entry in /etc/services, what is it for?
-p 50 is _protocol_ 50, not port 50. See: http://www.iana.org/assignments/protocol-numbers http://www.ietf.org/rfc/rfc2402.txt http://www.ietf.org/rfc/rfc2406.txt http://www.protocols.com/pbook/tcpip5.htm
Knute Johnson kirjoitti viestissään (lähetysaika perjantai, 28. syyskuuta 2007):
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
Why are they enabled by default? Port 50 has no entry in /etc/services, what is it for?
-p 50 is _protocol_ 50, not port 50. See: http://www.iana.org/assignments/protocol-numbers http://www.ietf.org/rfc/rfc2402.txt http://www.ietf.org/rfc/rfc2406.txt http://www.protocols.com/pbook/tcpip5.htm
-- Markku Kolkka markku.kolkka@iki.fi
Thanks Markku. Below is the entry for 50 and 51. Do you know what these are for and do I need them?
50 ESP Encap Security Payload [RFC2406] 51 AH Authentication Header [RFC2402]
On Fri, 2007-09-28 at 10:08 -0700, Knute Johnson wrote:
Below is the entry for 50 and 51. Do you know what these are for and do I need them?
50 ESP Encap Security Payload [RFC2406] 51 AH Authentication Header [RFC2402]
Well, if you have local access to the box, you can simply try not allowing it, to see if they're really needed.
On Saturday 29 September 2007 08:32:29 am Tim wrote:
On Fri, 2007-09-28 at 10:08 -0700, Knute Johnson wrote:
Below is the entry for 50 and 51. Do you know what these are for and do I need them?
50 ESP Encap Security Payload [RFC2406]
They are for ipsec - if you use VPN (to work for example) you will likely need to think about these.
On Saturday 29 September 2007 08:32:29 am Tim wrote:
On Fri, 2007-09-28 at 10:08 -0700, Knute Johnson wrote:
Below is the entry for 50 and 51. Do you know what these are for and do I need them?
50 ESP Encap Security Payload [RFC2406]They are for ipsec - if you use VPN (to work for example) you will likely need to think about these.
They are on my mail server so I don't think I'm going to be using ipsec on that. You don't know about the others do you?
Thanks,
-
Aldo Foot -
Genes MailLists -
Knute Johnson -
Markku Kolkka -
Tim