Any danger from these ports?
Jeff Spaleta
jspaleta at gmail.com
Mon Jan 10 17:32:25 UTC 2005
On Mon, 10 Jan 2005 17:19:16 +0000, Luciano Miguel Ferreira Rocha
> Some server admins don't know how some protocols and application work.
> And I wouldn't want to see FC4 being rated as slow or disfuncional for
> network services by less knowledgeable admins,
I'm perfectly happy with those sorts of people running gentoo. The
educational issues around selinux have already shaken out a good
number of 'those' people. This change would be a minor pertubation in
comparison i think.
Of course there maybe a default techical solution here... can a
default ipt_recent rule set be constructed to target the most
sensitive ports? Maybe its most reasonable to do this to ssh and the
imap/pop services? Maybe its only reasonable to protect ssh by
default? Lots of room to provide a default use of ipt_recent that
strikes a compromise to off or on for all ports. I'm fine with
incremental changes that turn this on for only ssh by default if this
is the most reasonable compromise.
-jef
More information about the test
mailing list