On Sat, 2012-03-24 at 19:18 -0700, Paul Allen Newell wrote: > If I try to reach a solution based on my limited knowledge, it would > seem that one would want to change the udp to have a 127.0.0.1 > sourceIP and a destinIP restricting to the LAN (I am assuming simple > home user usage where there's a single LAN that has one connection > through a router to the outside world). Such would say that any other > udp would get rejected (or allowed by some other rule). 127.x.y.z addresses are not LAN addresses, they're only for the machine itself (internal communication). If one is being secure, particularly when you connect your computers to random networks, or directly to the internet with no intervening gadget that acts like a firewall, then you probably do not want to use the default firewall rules that Fedora users (allow everything by default, have a few specific rules, then a final deny rule). You'd want to go the opposite way: Deny everything by default, poke holes through for the few things that you want to allow. And, of course, configure all your services correctly. Do not rely on a firewall to stop access to a service that you don't want public access. Configure *that* service to ignore unwanted connections. It's particularly important if you're one of those people who are going to disable the firewall to try and work out some problem. Because it only takes mere moments for some hacker to do their business on a vulnerable system. And that moment might be when you've dropped your firewall. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org