samba trouble
Andy Green
fedora at warmcat.com
Mon Oct 27 21:56:03 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 27 October 2003 21:33, Gene C. wrote:
> OK, I can see doing this on an internal system which is running an iptables
> "personal" firewall. However, making it too easy for someone to do on a
> true firewall between your system(s) and the "real Internet" is inviting
> disaster.
That's a good point. But... what is the meaning of the availability of samba
packages if there is no simple way to expose their services? Not going to be
very convincing for the shell-challenged to use Samba if getting it to
actually talk after installing it stays a mystical secret not on the local
firewall UI.
The firewall app could do the same as I did, for 137:139 it limits access to
the local subnet by iptables filtering. In fact it could do with another
per-item checkbox saying if the service is only exposed to machines on the
local subnet or open to all comers -- and for every service that checkbox
should be set for local subnet only by default. For a super bonus jackpot to
the implementor it could have per-item interface checkboxes for multihomed
hosts.
- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/nZRzjKeDCxMJCTIRAjR0AJsFzeKFN+aeGnWrQZaWc7Bzp16bnQCcCstQ
DeLL+SLXpk/bzgTJzWKrbe8=
=vRBq
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list