Network Servers (where is my workgroup?)

Kyrre Ness Sjobak kyrre at solution-forge.net
Wed Oct 20 19:15:15 UTC 2004


Just out of curiosity: which ports do I have to open to make it work?

On Wed, 20.10.2004 at 20:26, Matthew Miller wrote:
> On Wed, Oct 20, 2004 at 08:17:51PM +0200, Patrick wrote:
> > >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918
> > Yes, it was the firewall issue. I opened smb ports and it worked fine, 
> > but isn't that less secure?
> 
> Marginally. The firewall is based on a packet filter -- if an incoming
> packet doesn't seem to have any business on the machine, the kernel drops it
> before it gets anywhere. That's a pretty good first defense. But if you
> don't have any services running on network accessible ports, those packets
> aren't going to have anywhere to go either. And even if you are running
> services (which you might punch through the firewall anyway), you should
> have other access control mechanisms (/etc/hosts.allow and /etc/hosts.deny,
> for example) in place too.
> 
> The problem is that it's not trivial to make a rule which allows the needed
> SMB traffic without basically making the whole firewall irrelevant. It
> requires tracking state, which the current system-config-securitylevel
> doesn't attempt. (disclaimer: haven't looked extensively at the FC3 one, but
> I assume it hasn't changed based on the comments of others)
> 
> The bugzilla entry above links to what will probably be the long-term
> solution to this -- a smarter firewall. You could implement that sort of
> thing yourself, but personally, I'd make sure my other system security was
> in good shape, and not worry about it for now.
> -- 
> Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
> Boston University Linux      ------>                <http://linux.bu.edu/>
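
Added example, not part of the original messages: a small Python model of the point in the quoted reply, that a static rule cannot admit SMB browsing answers without admitting much more, while a filter that tracks the outbound name query can. The static rule shown, the 3-second reply window, the addresses and all class and function names are assumptions made for illustration.

```python
# Model only, not iptables code. A workgroup lookup is a NetBIOS name query
# sent to the subnet broadcast address on UDP 137; the answers arrive as
# unicast from hosts the query was never addressed to.
from dataclasses import dataclass

NBNS_PORT = 137        # NetBIOS name service (UDP)
REPLY_WINDOW = 3.0     # seconds an expectation stays open (assumed value)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    time: float

def stateless_accept(pkt):
    """Assumed static rule: accept inbound UDP whose source port is 137."""
    return pkt.sport == NBNS_PORT

class StatefulFilter:
    """Accept inbound UDP only as an answer to a recent outbound name query."""
    def __init__(self, subnet_prefix):
        self.subnet_prefix = subnet_prefix
        self.expected = {}   # local port -> time the expectation expires

    def outbound(self, pkt):
        if pkt.dport == NBNS_PORT:
            self.expected[pkt.sport] = pkt.time + REPLY_WINDOW

    def inbound_accept(self, pkt):
        expires = self.expected.get(pkt.dport)
        return (expires is not None and pkt.time <= expires
                and pkt.sport == NBNS_PORT
                and pkt.src.startswith(self.subnet_prefix))

# Constructed sample traffic on an assumed 192.168.1.0/24 LAN.
QUERY = Packet("192.168.1.10", 40001, "192.168.1.255", 137, 0.0)
ANSWER = Packet("192.168.1.20", 137, "192.168.1.10", 40001, 0.4)
UNSOLICITED = Packet("203.0.113.7", 137, "192.168.1.10", 5000, 0.5)
LATE = Packet("192.168.1.20", 137, "192.168.1.10", 40001, 9.0)

def evaluate():
    """Return {name: (static rule verdict, stateful verdict)} per packet."""
    fw = StatefulFilter("192.168.1.")
    fw.outbound(QUERY)
    cases = [("answer", ANSWER), ("unsolicited", UNSOLICITED), ("late", LATE)]
    return {n: (stateless_accept(p), fw.inbound_accept(p)) for n, p in cases}
```

The static rule accepts all three inbound packets; the stateful filter accepts only the answer that matches the open query.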




More information about the fedora-test-list mailing list