Re: F29 Wail at the Firewall (long; sorry!)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 9 Dec 2018 19:00:25 +0000 (UTC)
Beartooth <Beartooth@xxxxxxxxxxx> wrote:

> 	I do some of my email and all of my Gmane activity (including 
> this list) at the address above, from my local access provider,
> Comcast; but I do most of my email (and my wife does all of hers) at
> my own domain, to which we connect by ssh.

I pay an email service to host my domain, but as Joe does, I could just
as easily use the mail hosts at my domain service.  Easier, in fact,
since that is their default.

> 	Recently we've been moving machines about physically, from
> floor to floor and connection to connection. We've also been getting
> lots of timeouts. When I asked my domain host about it, he told me it
> was my own firewall cutting us off.  It blocks connections out from
> our IP address if they fail more than it likes.

This doesn't make sense to me, unless you have restrictive firewalls
on your local net in front of the web access.  Moving a machine
should be irrelevant.  Fedora's default setting for the firewall is to
let nothing initiate connections to the system except ssh, and to let
anything on the system that wants to reach the net do so. If you
haven't changed it on any of your machines, that is what should be
happening.

Are you maybe using wireless, and getting problematic connections with
lower (or no) speeds in different locations?

> 	So, I THINK, I ought to enlarge  a/o lubricate the opening in
> the firewall that lets US out, but not make it any easier than I can
> help for supposed malware to get out. Does that make sense?
> 
> 	If so, where do I go (i.e., what file do I open), and what 
> changes do I make, to accomplish that?
 
I don't think this should be necessary if you are using default Fedora
settings.  Use the program firewall-config (man firewall-config) to look
at what the firewall settings are on each system.  Mine is set to public
(meaning roughly that I am exposed to the public web, and thus don't
trust the network I'm on, so play safe).

I used to have all kinds of elaborate rules in my iptables
configuration (which is what the firewall uses under the covers), but
eventually just caved and let the firewalld configuration set it.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux