Why are these ports open in iptables on new FC4 install?

Tim ignored_mailbox at yahoo.com.au
Tue Feb 14 11:53:59 UTC 2006


On Tue, 2006-02-14 at 11:28 +0900, Joel Rees wrote:
> Reason I ask is that, as I understand it, you can't open a port to the
> LAN while keeping it closed to the world unless you know what ranges
> of addresses are used on the LAN. Not everyone chooses to use
> 192.168.0.nnn for their LANs, you know.

It's doable, in a few ways.  Here are two that I can think of off the top
of my head:

Ask the user which interfaces are LAN and WAN, then apply the rules to
the interface, regardless of what address is used by them.

Automatically examine the machine's own IP and netmask, define a rule
based on them.

Apply broad rules for the main LAN IP ranges, hoping they apply.  It's a
fair bet that the common private IP ranges won't be used over the
internet, though some ISPs do that.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
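
An added illustration of the first two approaches above (not code from the thread or from Fedora): a small POSIX sh script that derives the LAN network from the machine's own address and netmask, and prints (does not apply) iptables rules that admit a port from the LAN interface or LAN range while dropping it from everywhere else. The interface name, addresses and port below are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands;
# review them and run them as root yourself if they fit your setup.

# popcount N -> number of 1 bits in one octet (0..255)
popcount() {
    n=$1; c=0
    while [ "$n" -ne 0 ]; do
        c=$(( c + (n & 1) ))
        n=$(( n >> 1 ))
    done
    echo "$c"
}

# lan_cidr IP NETMASK -> network/prefix, e.g. 10.20.30.0/24
# (approach 2: derive the LAN range from the host's own IP and mask)
lan_cidr() {
    set -- $(echo "$1" | tr . ' ') $(echo "$2" | tr . ' ')
    net="$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
    prefix=$(( $(popcount "$5") + $(popcount "$6") \
             + $(popcount "$7") + $(popcount "$8") ))
    echo "$net/$prefix"
}

# lan_rules_by_iface IFACE PORT
# (approach 1: key the rule on the LAN interface, whatever its address)
lan_rules_by_iface() {
    echo "iptables -A INPUT -i $1 -p tcp --dport $2 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $2 -j DROP"
}

# lan_rules_by_addr IP NETMASK PORT
# (approach 2: accept only from the computed LAN range)
lan_rules_by_addr() {
    net=$(lan_cidr "$1" "$2")
    echo "iptables -A INPUT -s $net -p tcp --dport $3 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $3 -j DROP"
}

# Sample run with constructed values: eth1 is the LAN side, sshd on 22.
lan_rules_by_iface eth1 22
lan_rules_by_addr 10.20.30.40 255.255.255.0 22
```

Note that the address-based form still trusts the packet's source address, so on a box with a WAN interface the interface-keyed form is the one that does not depend on what range the LAN happens to use.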