Re: question on iptables, port 631 and CUPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2012-03-24 at 19:18 -0700, Paul Allen Newell wrote:
> If I try to reach a solution based on my limited knowledge, it would 
> seem that one would want to change the udp to have a 127.0.0.1
> sourceIP and a destinIP restricting to the LAN (I am assuming simple
> home user usage where there's a single LAN that has one connection
> through a router to the outside world). Such would say that any other
> udp would get rejected (or allowed by some other rule).

127.x.y.z addresses are not LAN addresses, they're only for the machine
itself (internal communication).

If one is being secure, particularly when you connect your computers to
random networks, or directly to the internet with no intervening gadget
that acts like a firewall, then you probably do not want to use the
default firewall rules that Fedora users (allow everything by default,
have a few specific rules, then a final deny rule).  You'd want to go
the opposite way:  Deny everything by default, poke holes through for
the few things that you want to allow.  

And, of course, configure all your services correctly.  Do not rely on a
firewall to stop access to a service that you don't want public access.
Configure *that* service to ignore unwanted connections.

It's particularly important if you're one of those people who are going
to disable the firewall to try and work out some problem.  Because it
only takes mere moments for some hacker to do their business on a
vulnerable system.  And that moment might be when you've dropped your
firewall.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux