Firewall configuration for gnomemeeting
John Thompson
JohnThompson at new.rr.com
Fri Jul 9 01:24:36 UTC 2004
Colin Paul Adams wrote:
>>>>>>"Rodolfo" == Rodolfo J Paiz <rpaiz at simpaticus.com> writes:
>
>
> Rodolfo> At 12:41 PM 7/8/2004, Colin Paul Adams wrote:
> >> You ARE joking aren't you? That's 60,000 ports! It would take
> >> me a year to type all that lot in! Isn't there a way to limit
> >> which ports it uses?
>
> Rodolfo> Hopefully you're aware that you can type 5000:65000 in
> Rodolfo> the iptables rule and it will treat it as a range. If
> Rodolfo> not, consider it good news... you just changed a year
> Rodolfo> into 3.7 seconds.
> Thanks - but that still looks to be a huge security hole - according
> to lsof, it's only listening on one or two ports.
No; iptables is stateful. You can configure those ports to be open only
for established or related connections.
--
-John (john at os2.dhs.org)
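
The stateful approach described in the reply, as an added example that is not part of the original message: `gm_ruleset` prints an `iptables-restore` ruleset in which the 5000:65000 range from the thread accepts only ESTABLISHED or RELATED traffic, and `gm_audit` flags any range rule that would admit unsolicited NEW packets. The function names and the choice of TCP 1720 (the standard H.323 call-signalling port) as the single listening port are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here touches the live
# firewall; gm_ruleset only prints text for review.

# Print a minimal INPUT policy for an H.323 client.
#   $1 = dynamic port range (default: the range quoted in the thread)
#   $2 = listening port     (assumption: 1720, H.323 call signalling)
# RELATED only covers the dynamically negotiated H.323 channels when an
# H.323 connection-tracking helper is loaded (nf_conntrack_h323 on
# current kernels); without it those inbound connections count as NEW.
# "-m state --state" is the older spelling of the same match.
gm_ruleset() {
    range="${1:-5000:65000}"
    listen="${2:-1720}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport $listen -j ACCEPT
-A INPUT -p tcp --dport $range -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $range -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save style rules on stdin and print every ACCEPT rule
# that opens a port range (a:b) either with no state match at all or
# with NEW among the accepted states. Those are the rules that turn the
# range into the "huge security hole" raised in the thread.
gm_audit() {
    awk '/-j ACCEPT/ && /--dport [0-9]+:[0-9]+/ &&
         (!/--(ct)?state / || /--(ct)?state [A-Z,]*NEW/) { print }'
}
```

After review, the output of `gm_ruleset` can be loaded as root with `iptables-restore`; other services on the host need their own rules because the INPUT policy is DROP.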