incoming ssh/sftp blocked by iptables
Matthew Miller
mattdm at mattdm.org
Thu Apr 15 02:45:26 UTC 2004
On Wed, Apr 14, 2004 at 04:39:57PM -0400, Will Backman wrote:
> This is not a recent change. I think the special case was added because
> ntp uses UDP, and it is hard to use a "related" rule to let a response
> back in.
Also it's much more specific -- it automatically punches a hole _only_ to
the configured server(s). (DNS does this too.)
> I guess you could ask "Should we always open up incoming ports for
> services being started?". I don't know if this is a good idea for a
> default.
I know it isn't. :)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>