
Re: FC5 iptables issue



Scot L. Harris wrote:
A while back I noted some unexpected entries being allowed through
iptables in FC4 on a clean install.  I filed a bug report on this
#181397.

It appears that FC5 still has similar issues.

3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631


I don't see any reason that I want to allow UDP traffic to port 5353.
And I don't believe I want to allow traffic to port 631, no reason for
anyone to be accessing the cups configuration from the network.

224 blah is some kind of routing multicast thing or somesuch IIRC, it's probably not evil.

port 631 is actually used to print stuff on cups, not just the config, that's probably why that's open.

No idea what esp and ah protocols are.

-Andy
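
Added example, not part of either message in this thread: a small Python audit of the listing quoted above that flags ACCEPT rules open to any source and labels each protocol or port. It assumes input in the format of `iptables -L INPUT -n --line-numbers`; the labels in KNOWN are standard assignments supplied here, and the function names are illustrative.

```python
import re

# Constructed sample: rules 3-7 as quoted in the thread, with the "dpt:"
# fields wrapped onto their own lines, as mail clients often leave them.
SAMPLE = """\
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp
dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:631
"""

# Standard protocol/port assignments, added here (not stated in the thread).
KNOWN = {
    ("esp", None): "IPsec ESP (IP protocol 50)",
    ("ah", None): "IPsec AH (IP protocol 51)",
    ("udp", 5353): "mDNS (multicast DNS)",
    ("udp", 631): "IPP (CUPS)",
    ("tcp", 631): "IPP (CUPS)",
}
# num, target, prot, opt, source, destination, then optional match text
RULE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_rules(listing):
    """Rejoin wrapped lines of a single-chain listing, then split fields."""
    joined = []
    for line in listing.splitlines():
        if line[:1].isdigit() or not joined:
            joined.append(line.strip())
        else:  # continuation of the previous rule
            joined[-1] += " " + line.strip()
    rules = []
    for m in filter(None, map(RULE.match, joined)):  # skips header lines
        num, target, proto, src, dst, extra = m.groups()
        port = re.search(r"dpt:(\d+)", extra)
        rules.append({"num": int(num), "target": target, "proto": proto,
                      "src": src, "dst": dst,
                      "dport": int(port.group(1)) if port else None})
    return rules

def open_to_any_source(listing):
    """(rule number, service label, destination) for ACCEPT from 0.0.0.0/0."""
    return [(r["num"], KNOWN.get((r["proto"], r["dport"]), "unknown"), r["dst"])
            for r in parse_rules(listing)
            if r["target"] == "ACCEPT" and r["src"] == "0.0.0.0/0"]
```
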
