On Fri, 2008-11-14 at 22:49 +0100, Christoph Höger wrote: > > I think Fedora 9 firewall would allow avahi discovery packets through > > by default, Fedora 10 doesn't. You'd need to add the appropriate rules > > back to allow the avahi traffic through. > > That would be totally sane, and I would understand that, but why are > packets from the outside allowed and not from the inside? Looks pretty > useless in a security point of view to me. mDNS uses a "push" architecture, not a "pull" architecture. Systems broadcast service availability instead of being polled for it. So when you query your local mDNS resolver, it checks to see if any services have been pushed for a given host/service. A non-firewalled system will see all pushes; a firewalled system will see none. -- Ignacio Vazquez-Abrams <ivazqueznet@xxxxxxxxx> PLEASE don't CC me; I'm already subscribed
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
