FC5 iptables issue
Andy Green
andy at warmcat.com
Thu Mar 23 12:30:01 UTC 2006
Scot L. Harris wrote:
> A while back I noted some unexpected entries being allowed through
> iptables in FC4 on a clean install. I filed a bug report on this
> #181397.
>
> It appears that FC5 still has similar issues.
>
> 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
> 5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
> 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
>
>
> I don't see any reason that I want to allow UDP traffic to port 5353.
> And I don't believe I want to allow traffic to port 631, no reason for
> anyone to be accessing the cups configuration from the network.

224 blah is some kind of routing multicast thing or somesuch IIRC, it's
probably not evil.

port 631 is actually used to print stuff on cups, not just the config,
that's probably why that's open.

No idea what esp and ah protocols are.

-Andy
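
An added example, not part of the original thread or of Fedora's own tooling: a shell function that reads `iptables -L -n --line-numbers` output and lists every ACCEPT rule open to any source, labelled with the well-known service behind it. The sample input is the five quoted rules, unwrapped, plus one constructed source-restricted rule; the function names and the label table are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `iptables -L -n --line-numbers` output for ACCEPT
# rules that are open to any source address.

# Constructed sample: rules 3-7 are the ones quoted in the message; rule 8
# is a constructed source-restricted rule that must not be flagged.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num target prot opt source destination
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:22
EOF
}

# Reads rule lines on stdin. For each ACCEPT rule whose source is 0.0.0.0/0,
# prints tab-separated: rule number, proto[/port], destination, label.
audit_open_accepts() {
    awk '
    BEGIN {
        # Label table (assumption of this example, well-known assignments).
        note["esp"]      = "IPsec ESP (IP protocol 50)"
        note["ah"]       = "IPsec AH (IP protocol 51)"
        note["udp/5353"] = "mDNS (multicast DNS)"
        note["udp/631"]  = "IPP/CUPS printer browsing"
        note["tcp/631"]  = "IPP/CUPS printing and admin"
    }
    # Header lines are skipped because their first field is not a number.
    $1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $5 == "0.0.0.0/0" {
        key = $3
        for (i = 7; i <= NF; i++)
            if ($i ~ /^dpt:/) key = $3 "/" substr($i, 5)
        label = (key in note) ? note[key] : "unrecognised, review manually"
        printf "%s\t%s\t%s\t%s\n", $1, key, $6, label
    }'
}

sample_rules | audit_open_accepts
```

On a live system the same function can be fed with `iptables -L INPUT -n --line-numbers | audit_open_accepts`.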