On 20.09.2013 15:59, Thomas Woerner wrote:
>> Multicast DNS is allowed in the internal network (chain IN_internal_allow). I
>> guess IN_internal_allow is meant for some closed group internal
>> network, not sure.
>>
>> ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW
>>
>> Who uses it?
>>
> This has been added because of a FESCo decision to enable Multicast DNS (mDNS)

oh yeah, let us open some more ports as default to increase security
especially for services like avahi which *can't* be disabled if you tend
to look in the syslog which gets cluttered if you mask it

god save "iptables.service"

such decisions are *plain wrong*

someone can consider a desktop-firewall like on windows (not that i ever
would use it) which *asks* at the first incoming connection - and before
this is not possible it is *plain wrong* to open whatever port because
it could be useful for somebody

a fresh install should *never* have *any* port opened
there is no "but" and no "if" - period

and no i am not speaking for me - because i know what i am doing in
context of networking - most users do not
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct