About F19 Firewall
Reindl Harald
h.reindl at thelounge.net
Fri Sep 20 14:12:13 UTC 2013
On 20.09.2013 15:59, Thomas Woerner wrote:
>> Multicast
>> DNS is allowed in the internal network(chain IN_internal_allow). I
>> guess IN_internal_allow is meant for some closed group internal
>> network, not sure.
>>
>> ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW
>>
>> Who uses it?
>>
> This has been added because of a FESCo decision to enable Multicast DNS (mDNS)
oh yeah, let us open some more ports as default to increase security
especially for services like avahi which *can't* be disabled if you
tend to look in the syslog which gets cluttered if you mask it

god save "iptables.service"

such decisions are *plain wrong*

someone can consider a desktop-firewall like on windows (not
that i ever would use it) which *asks* at the first incoming
connection - and before this is not possible it is *plain wrong*
to open whatever port because it could be useful for somebody

a fresh install should *never* have *any* port opened
there is no "but" and no "if" - period

and no i am not speaking for me - because i know what i am doing
in context of networking - most users do not