Why are these ports open in iptables on new FC4 install?

John Summerfied debian at herakles.homelinux.org
Sun Feb 12 22:30:18 UTC 2006


Scot L. Harris wrote:
> On Sun, 2006-02-12 at 09:29 +0800, John Summerfied wrote:
> 
>>Scot L. Harris wrote:
>>
>>
>>>Looked through the release notes and did not see anything related to
>>>ports 5353, 50, 51, or 631.
>>>
>>>Why is port 5353 open by default?  From searching around this appears to
>>>have something to do with multi cast DNS which seems to be tied to Apple
>>>iTunes.  I don't believe I installed anything that would need access to
>>>Apple iTunes.
>>
>>Nothing to do with ITunes per se. Google for zeroconf, for apple+bonjour 
>>and apple+rendezvous
>>
> 
> 
> Zeroconf, have yet to find that useful.  I generally get around to
> turning that off in /etc/sysconfig/network. 

I read KDE 3.4 supports it, it's turned off in FC3. It's very useful to 
Apple users, and it could be very useful in Linux, especially for laptop 
users.

> 
> 
>>A lot of people are likely to want it, and most of those are not 
>>competent to configure it.
>>
>>>I also don't understand why ports 50 and 51 are open.  I don't plan on
>>>setting up a VPN at the moment and I don't know why these would be open
>>>by default on a new install.
>>
>>Seems to me if you are one who's using IP6 it's something you'd want. If 
>>there's no IP6 around in your area, I don't see a problem.
>>
> 
> 
> So leave these ports open by default?  Seems like those would be ports I
> would try to set up a service on if I managed to get into a system then.

If you can install services to use those ports, you can also fix the 
firewall rules.

> Particularly since the majority of people are not using them for
> anything.  I don't have to mess with iptables which means it is harder
> for the admin to detect that I am on the system.

I don't believe that.

> 
> 
> 
>>>I'm also wondering about port 631 being open by default.  I know this is
>>>used for ipp printing but I have not set up this machine to provide print
>>>services yet.
>>
>>If you want to print _from_ it I suspect you'll want it. Printing works 
>>better on my Linux boxes than from my OS X and Windows. Printers come 
>>and go (as seen from my laptop) depending on which LAN it's on.
>>
>>If you are not running CUPS, then nobody is going to successfully send you 
>>UDP packets to port 631.
>>
> 
> 
> I just checked and with port 631 blocked I can still access the cups
> configuration via the web browser http://localhost:631.

That's TCP, you said UDP.

>>You didn't say what your security setting is.
> 
> 
> Which security setting?  Firewall is enabled, selinux is enabled.

You get to select the level during install, and there's a "security 
level" item in my menus that lets me change it.





-- 

Cheers
John

Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
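
The TCP versus UDP point in the exchange above, as an added example that is not part of the original message: a small first-match evaluator over iptables-save style rules. The rule set is a constructed sample (not taken from the thread or from a real FC4 install), the function names are hypothetical, and only `-i`, `-p`, `--dport` and `-j` are modelled.

```python
import shlex

# Constructed sample in iptables-save syntax; an assumption, not a real FC4 rule set.
SAMPLE_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# "-p" takes an IP protocol name or number (IANA numbers: 50 = ESP, 51 = AH).
PROTO_NAMES = {"6": "tcp", "17": "udp", "50": "esp", "51": "ah"}
FLAGS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Return the modelled match fields of one '-A' rule as a dict."""
    tokens = shlex.split(line)
    rule = {"iface": None, "proto": None, "dport": None, "target": None}
    for i, tok in enumerate(tokens[:-1]):
        if tok in FLAGS:
            rule[FLAGS[tok]] = tokens[i + 1]
    rule["proto"] = PROTO_NAMES.get(rule["proto"], rule["proto"])
    return rule


def verdict(rules_text, proto, dport, iface="eth0"):
    """Target of the first rule matching an inbound packet (first match wins)."""
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        rule = parse_rule(line)
        if rule["iface"] not in (None, iface):
            continue  # rule is bound to another interface
        if rule["proto"] not in (None, proto):
            continue  # a udp rule never matches a tcp packet
        if rule["dport"] not in (None, str(dport)):
            continue
        return rule["target"]
    return "POLICY"  # fell off the end of the chain


if __name__ == "__main__":
    for proto, port, iface in [("udp", 631, "eth0"), ("tcp", 631, "eth0"),
                               ("tcp", 631, "lo"), ("tcp", 50, "eth0")]:
        print(proto, port, iface, "->", verdict(SAMPLE_RULES, proto, port, iface))
```

Under this sample, a UDP 631 rule says nothing about TCP 631, and a browser session to `http://localhost:631` arrives on `lo`, so it is decided by the loopback rule before any port rule is consulted.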
