outgoing port block on fedorapeople.org

Jason L Tibbitts III tibbs at math.uh.edu
Tue Aug 3 11:20:22 UTC 2010


>>>>> "JvM" == Jeroen van Meeuwen <kanarip at kanarip.com> writes:

JvM> Is any outbound NEW connection supposed to be used from
JvM> fedorapeople.org except maybe for a few named sockets on trusted
JvM> remote hosts?

Well, some might think it reasonable to pull content to fedorapeople
(wget, scp run on fedorapeople pulling from remote sites) instead of
forcing content to be pushed.  Which would argue for outbound http and
ssh ports, I guess.  Should be easy to just say no to that kind of
thing, though, if the intent is to lock it down.

I also wonder if mounting user-writable filesystems as noexec would be
reasonable.

 - J<

