About F19 Firewall

Reindl Harald h.reindl at thelounge.net
Fri Sep 20 14:12:13 UTC 2013

Am 20.09.2013 15:59, schrieb Thomas Woerner:
>> Multicast
>>   DNS is allowed in the internal network(chain IN_internal_allow). I
>> guess  IN_internal_allow  is meant for some closed group internal
>> network, not sure.
>>      ACCEPT     udp  --            udp dpt:5353 ctstate NEW
>> Who uses it?
> This has been added because of a FESCo decision to enable Multicast DNS (mDNS)

oh yeah, let us open some more ports as default to increase security
especially for servcies like avahi which *can't* be disabled if you
tend to look in the syslog which get cluttered if you mask it

god save "iptables.service"
such decisions are *plain wrong*

someone can consider a desktop-firewall like on windows (not
that i ever would use it) which *asks* at the first incoming
connection - and before this is not possible it is *plain wrong*
to open whatever port because it could be useful for someobody

a fresh install should *never* have *any* port opened
the is no "but" and no "if" - period

and no i am not speaking for me - because i know what i am doing
in context of networking - most users do not

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130920/3f71cce2/attachment.sig>

More information about the devel mailing list