About F19 Firewall
h.reindl at thelounge.net
Fri Sep 20 14:12:13 UTC 2013
Am 20.09.2013 15:59, schrieb Thomas Woerner:
>> DNS is allowed in the internal network(chain IN_internal_allow). I
>> guess IN_internal_allow is meant for some closed group internal
>> network, not sure.
>> ACCEPT udp -- 0.0.0.0/0 220.127.116.11 udp dpt:5353 ctstate NEW
>> Who uses it?
> This has been added because of a FESCo decision to enable Multicast DNS (mDNS)
oh yeah, let us open some more ports as default to increase security
especially for servcies like avahi which *can't* be disabled if you
tend to look in the syslog which get cluttered if you mask it
god save "iptables.service"
such decisions are *plain wrong*
someone can consider a desktop-firewall like on windows (not
that i ever would use it) which *asks* at the first incoming
connection - and before this is not possible it is *plain wrong*
to open whatever port because it could be useful for someobody
a fresh install should *never* have *any* port opened
the is no "but" and no "if" - period
and no i am not speaking for me - because i know what i am doing
in context of networking - most users do not
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the devel