lokkit (WAS: How do I shut down this ports)
Dax Kelson
dax at gurulabs.com
Thu Aug 7 00:15:26 UTC 2003
On Sun, 2003-08-03 at 22:54, Louis Garcia wrote:
> 111/tcp open sunrpc
> 6000/tcp open X11
>
> Should these be open by default?
Whether they are open or not is irrelevant if you are truly running a
"default" configuration.
By "default" on severn and below you get a "medium" firewall.
On whatever-name-is-next and above, by default you get an "enabled"
firewall.
Old:
medium/high/disabled
New:
enabled/disabled
What's the difference?
I wrote a patch that implements a stateful ruleset instead of the
previous non-stateful ruleset. This was accepted and is now in rawhide.
The end result:
1. Better security than the previous "high".
2. No breakage of *anything* initiated by the host.
Details:
By default your "enabled" firewall enables others to ping you, ALL other
unsolicited traffic to your box is rejected.
If your box initiates an outbound connection (ping, SSH, NFS, NIS, RPC, X11),
*inbound* packets that are part of, and related to, those connections
are allowed.
Using lokkit or redhat-config-securitylevel you can of course define
"trusted" interfaces and/or allowed *inbound* protocols
(SSH, TELNET, etc.). This way you can selectively allow others to connect
to your box.
Nifty eh? This is made possible by the stateful rules.
Dax Kelson
Guru Labs
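A minimal stateful "enabled" ruleset of the kind described in the message, written here as an added example (it is not Dax's patch or what lokkit itself emits): replies to host-initiated connections and inbound ping are accepted, an optional trusted interface and allowed inbound TCP ports are opened, and all other unsolicited traffic is rejected. The chain name EXAMPLE-INPUT and the DRY_RUN, TRUSTED_IF and ALLOW_TCP variables are assumptions of this example.

```shell
#!/bin/sh
# Constructed example of a stateful iptables ruleset (not lokkit's own output).
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 applies them as root.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1: trusted interface (may be empty)
# $2: space-separated TCP ports that others may connect to (e.g. "22 23")
stateful_rules() {
    trusted=$1
    allow_tcp=$2
    chain=EXAMPLE-INPUT    # assumed chain name
    run iptables -N "$chain" 2>/dev/null || true
    run iptables -F "$chain"
    # The stateful part: inbound packets that belong to, or are related to,
    # a connection this host started (SSH, NFS, NIS, RPC, X11 replies, ...)
    run iptables -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Loopback traffic is always local
    run iptables -A "$chain" -i lo -j ACCEPT
    # Others may still ping us
    run iptables -A "$chain" -p icmp --icmp-type echo-request -j ACCEPT
    # A trusted interface is allowed in wholesale
    if [ -n "$trusted" ]; then
        run iptables -A "$chain" -i "$trusted" -j ACCEPT
    fi
    # Selectively opened inbound services: new connections to these ports only
    for p in $allow_tcp; do
        run iptables -A "$chain" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Everything else unsolicited is rejected (open listeners like 111 or 6000
    # are unreachable regardless of whether they are running)
    run iptables -A "$chain" -j REJECT --reject-with icmp-host-prohibited
    run iptables -A INPUT -j "$chain"
}

stateful_rules "${TRUSTED_IF:-}" "${ALLOW_TCP:-22}"
```

Run it as is to review the generated rules; set DRY_RUN=0 (and TRUSTED_IF/ALLOW_TCP as needed) to install them.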