iptables fc3
Alexander Dalloz
ad+lists at uni-x.org
Sat Nov 13 19:02:33 UTC 2004
Am Sa, den 13.11.2004 schrieb Leonard Isham um 19:44:
> On Sat, 13 Nov 2004 13:27:17 -0500, Doug Maurer <doug at dmaurer.net> wrote:
> > was looking into iptables because of i had to add in 110, and noticed
> > the below entries and was wondering what they were. Any one know? I
> > looked in services and found 631 is the IPP protocol; is that needed for
> > a standard install? 5353 isn't listed.
> >
> > -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
>
> What is using this port?
http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
http://www.oreillynet.com/pub/wlg/1920
> > -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>
> Do you really want someone outside your nfirewall printing to your systems???
Yes, from outside the own private net one hardly wants an open IPP port.
Though both settings are to enable network printing by "automatic"
self-configuration.
> Leonard Isham, CISSP
Alexander
--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp
Serendipity 20:02:15 up 24 days, 17:41, load average: 0.42, 0.67, 0.54
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20041113/2c450210/attachment-0002.bin
More information about the users
mailing list