Firewall settings unworkable

Tim Waugh twaugh at redhat.com
Fri Oct 1 13:00:46 UTC 2010


There are several protocols used for discovery of network services that
currently cannot be made to work on Fedora simply due to the restrictive
firewall we use by default.

For example, a broadcast SNMP query to discover network printers is sent
as a UDP packet from an unprivileged local port to the SNMP port of the
broadcast address.  Network printers respond by sending a UDP packet in
response, from the SNMP port back to the local unprivileged port.

The default firewall drops these packets.  However, there is no "canned"
firewall setting to allow these packets in.  No checkbox or on/off
switch will do it except "Disable Firewall".

In system-config-printer I try to get it to modify the firewall to allow
in the various network query responses that we expect, but I find it
cannot be done for SNMP or NetBIOS (which works in a similar way).

There is an open bug against the kernel for general broadcast query
response tracking:
https://bugzilla.redhat.com/show_bug.cgi?id=538675

In the meantime, I'm left wondering whether I ought to teach
system-config-printer how to temporarily insert a rule to allow in all
UDP packets from source port SNMP and with destination port > 1024...

Until then people will end up just turning off their firewalls
altogether in order to get things to work.

Tim.
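
Added example, not part of the original post: a simplified Python model of the filtering choices discussed above. It shows why an exact reply-tuple match drops the printer's response, how broadly the proposed source-port rule matches, and a hypothetical expectation scoped to the querying port, the local subnet and a time window. The packet values, `BroadcastExpectation` and the 3-second window are assumptions, not kernel or system-config-printer code.

```python
import ipaddress
from collections import namedtuple

Udp = namedtuple("Udp", "src sport dst dport")

# Constructed sample packets (addresses and ports are illustrative).
QUERY = Udp("192.168.1.10", 40000, "192.168.1.255", 161)         # broadcast SNMP query
PRINTER_REPLY = Udp("192.168.1.50", 161, "192.168.1.10", 40000)  # unicast response
UNSOLICITED = Udp("203.0.113.7", 161, "192.168.1.10", 5353)      # no query was sent for this

def strict_conntrack(sent, pkt):
    """Accept only a packet that exactly mirrors an outbound tuple."""
    return any((pkt.src, pkt.sport, pkt.dst, pkt.dport) ==
               (q.dst, q.dport, q.src, q.sport) for q in sent)

def blanket_rule(pkt):
    """Rule floated in the post: UDP source port SNMP, destination port > 1024."""
    return pkt.sport == 161 and pkt.dport > 1024

class BroadcastExpectation:
    """Hypothetical scoped alternative (assumption, not kernel code)."""

    def __init__(self, subnet, window=3.0):
        self.net = ipaddress.ip_network(subnet)
        self.window = window
        self.expect = {}  # (local_ip, local_port, service_port) -> expiry

    def note_query(self, q, now):
        # Only queries sent to the subnet broadcast address open a window.
        if ipaddress.ip_address(q.dst) == self.net.broadcast_address:
            self.expect[(q.src, q.sport, q.dport)] = now + self.window

    def allows(self, pkt, now):
        expiry = self.expect.get((pkt.dst, pkt.dport, pkt.sport))
        return (expiry is not None and now <= expiry
                and ipaddress.ip_address(pkt.src) in self.net)

def evaluate():
    exp = BroadcastExpectation("192.168.1.0/24")
    exp.note_query(QUERY, now=0.0)
    return {
        "strict_reply": strict_conntrack([QUERY], PRINTER_REPLY),
        "blanket_reply": blanket_rule(PRINTER_REPLY),
        "blanket_unsolicited": blanket_rule(UNSOLICITED),
        "scoped_reply": exp.allows(PRINTER_REPLY, now=1.0),
        "scoped_unsolicited": exp.allows(UNSOLICITED, now=1.0),
        "scoped_late_reply": exp.allows(PRINTER_REPLY, now=10.0),
    }
```

The reply comes from the printer's unicast address rather than the broadcast address the query went to, which is why the exact-tuple match fails while the source-port rule also admits packets that answer no query.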