On 13.07.2013 00:45, David Beveridge wrote:
> On Fri, Jul 12, 2013 at 4:43 AM, Joe Zeff <joe@xxxxxxx> wrote:
>>
>> Can you give a practical example, please. I've no reason to disbelieve you,
>> but I've also never run across such a case and would like to see one.
>>
> This kind of depends on what iptables or firewall rules you have,
> but for a moment let's assume that you allow "related" connections on your input.
>
> What this means is to allow anything you connect outbound to to be
> trusted to make a reverse connection back to you.
>
> So you are therefore trusting everything you connect to. Doesn't
> sound very "Secure" to me

would you please be so kind and inform yourself instead of spreading FUD

how do you imagine that a UDP service answers since it is a
stateless protocol without the rule below?

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

*no* it does *not* open any incoming traffic to you - only *related*
what is related? the combination outgoing/incoming port/IP because
if you start a connection your software chooses a random port above
1024 and the answer comes back to exactly this port

https://en.wikipedia.org/wiki/Stateful_firewall
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
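
The rule discussed in the message above, as an added example that is not part of the original post: a simplified Python model of how connection tracking classifies inbound packets for an INPUT chain that holds only the ESTABLISHED,RELATED accept rule. It goes slightly beyond the message by separating ESTABLISHED (the reply tuple of a tracked flow) from RELATED (here, an ICMP error quoting a tracked flow); the class, the addresses, the ports and the 30-second timeout are constructed assumptions, not netfilter code.

```python
# Simplified model of conntrack state matching (added example, not netfilter code).
UDP_TIMEOUT = 30  # seconds an idle entry is kept; assumed value for this model
class Conntrack:
    def __init__(self):
        self.table = {}  # (proto, src, sport, dst, dport) -> last-seen time

    def outbound(self, proto, src, sport, dst, dport, now):
        """Record a flow that the local host started."""
        self.table[(proto, src, sport, dst, dport)] = now

    def _live(self, key, now):
        seen = self.table.get(key)
        return seen is not None and now - seen <= UDP_TIMEOUT

    def classify_inbound(self, pkt, now):
        """Return the ctstate this model assigns to an inbound packet."""
        if pkt["proto"] == "icmp-error":
            # An ICMP error quotes the header of the packet that caused it.
            q = pkt["quoted"]
            key = (q["proto"], q["src"], q["sport"], q["dst"], q["dport"])
            return "RELATED" if self._live(key, now) else "INVALID"
        # A reply is the tracked tuple with source and destination swapped.
        key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if self._live(key, now):
            self.table[key] = now  # traffic refreshes the entry
            return "ESTABLISHED"
        return "NEW"

def input_chain(ct, pkt, now):
    """INPUT holding only the ESTABLISHED,RELATED accept rule, policy DROP."""
    state = ct.classify_inbound(pkt, now)
    return "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"

def udp(src, sport, dst, dport):
    return {"proto": "udp", "src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed sample traffic: host 192.0.2.10 queries a DNS server from port 40000.
HOST, DNS, OTHER = "192.0.2.10", "198.51.100.53", "203.0.113.7"

def demo():
    ct = Conntrack()
    ct.outbound("udp", HOST, 40000, DNS, 53, now=0)
    return {
        "reply": input_chain(ct, udp(DNS, 53, HOST, 40000), now=1),
        "same_server_other_port": input_chain(ct, udp(DNS, 53, HOST, 22), now=2),
        "other_host_same_port": input_chain(ct, udp(OTHER, 53, HOST, 40000), now=2),
        "icmp_error": input_chain(ct, {"proto": "icmp-error", "quoted": udp(HOST, 40000, DNS, 53)}, now=3),
        "late_reply": input_chain(ct, udp(DNS, 53, HOST, 40000), now=100),
    }
```

Calling `demo()` returns the verdict for each constructed packet: only the exact reply tuple and the ICMP error quoting it are accepted, and the reply stops matching once the entry has timed out.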