incoming ssh/sftp blocked by iptables

Graham King redhat at tremagi.org.uk
Thu Apr 15 14:38:51 UTC 2004


I usually install selecting "no firewall" and then create my own
iptables rules from scratch.  These are highly tuned to a machine with
six network interfaces, each of which has its own firewall requirements.

Please do NOT start making assumptions and silently altering firewall
settings from within /etc/rc.d/init.d/* or elsewhere.

I suggest that a way forward is to configure the Fedora-supplied
standard firewall settings to syslog (maybe with a limit) all dropped
and denied packets.  At least that way, sys admins would be alerted that
their firewall needs some maintenance.

-- Graham King

On Thu, 2004-04-15 at 03:45, Matthew Miller wrote:
> > I guess you could ask "Should we always open up incoming ports for
> > services being started?".  I don't know if this is a good idea for a
> > default.
> 
> I know it isn't. :)
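
The suggestion in the message above (syslog every dropped or denied packet, with a limit) could look like the following. This is an added example, not part of the original e-mail or of Fedora's firewall scripts. The chain name LOGDROP, the log prefix, the limit values and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Chain name, prefix and limit values are assumptions.
LOG_PREFIX="FW-DROP: "
LOG_RATE="5/min"
LOG_BURST="10"

# Print a default-deny ruleset in iptables-restore format whose final
# INPUT rule logs (rate limited) and then drops everything unmatched.
logdrop_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit ${LOG_RATE} --limit-burst ${LOG_BURST} -j LOG --log-prefix "${LOG_PREFIX}" --log-level 4
-A LOGDROP -j DROP
COMMIT
EOF
}

# Read syslog lines on stdin; print "PROTO/PORT COUNT", busiest first.
drop_summary() {
    grep -F "$LOG_PREFIX" |
    sed -n 's/.* PROTO=\([A-Z]*\) .* DPT=\([0-9]*\).*/\1 \2/p' |
    sort | uniq -c | sort -rn | awk '{print $2 "/" $3, $1}'
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Apr 15 14:30:01 host kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 15 14:30:04 host kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 15 14:30:09 host kernel: FW-DROP: IN=eth2 OUT= SRC=198.51.100.7 DST=198.51.100.255 LEN=78 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 15 14:31:00 host sshd[812]: Server listening on 0.0.0.0 port 22.
EOF
}

case "${1:-}" in
    rules)   logdrop_rules ;;
    summary) drop_summary ;;
    demo)    sample_log | drop_summary ;;
esac
```

Packets over the limit are still dropped but not logged, so the counts from drop_summary are a lower bound. The output of `rules` can be checked with `iptables-restore --test` before it is loaded.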






More information about the fedora-test-list mailing list