incoming ssh/sftp blocked by iptables
Fulko.Hew at sita.aero
Wed Apr 14 21:02:18 UTC 2004
Will Backman <whb at ceimaine.org>@redhat.com on 04/14/2004 04:39:57 PM
commented:
> I would think that the startup script for SSH should
> also punch a hole in iptables in a similar manner.
>
>
> Any comments before I Bugzilla it?
>
> This is not a recent change. I think the special case was added because
> ntp uses UDP, and it is hard to use a "related" rule to let a response
> back in.
>
> You can easily customize the firewall during install.

And then again, during install, I said 'NO firewall' and yet
iptables was still set up (blocking me).

> I guess you could ask "Should we always open up incoming ports for
> services being started?". I don't know if this is a good idea for a
> default.

I don't think it should be 'as default', but if the facility is
enabled by the end user, then it _should_ work.

The trouble... for dumb users... is that if they enable SSH
they won't know that they _also_ need to re-config their firewall.
They'll just complain that stuff doesn't work.

I think it should happen at the same time... just like NTP.