Firewall and user services that needs open ports
Colin Walters
walters at verbum.org
Mon Jun 23 14:17:02 UTC 2008
On Mon, Jun 23, 2008 at 3:58 AM, Nicolas Mailhot <
nicolas.mailhot at laposte.net> wrote:
>
> Le Lun 23 juin 2008 08:37, Callum Lerwick a écrit :
>
> > Yes, the correct thing to do for local security is use something like
> > selinux to prevent things from binding to interfaces/ports they
> > shouldn't be
> > binding to in the first place. Using iptables for this is a completely
> > unsustainable hack. iptables firewalling is for machines that route
> > packets to other machines.
>
> Iptables is actually wonderfully simple and transparent to normal
> users, unlike apps that do black magic using a system bus one can't
> inspect,
dbus-monitor --system
d-feet
>
> You'll take iptables out of my system the day I can easily check the
> spaguetti pile userspace is those days is not misbehaving.
netstat -ln
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20080623/f09805bc/attachment.html
More information about the devel
mailing list