On Wed, Oct 20, 2004 at 08:17:51PM +0200, Patrick wrote: > >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918 > Yes, it was the firewall issue. I opened smb ports and it worked fine, > but isn't that less secure? Marginally. The firewall is based on a packet filter -- if an incoming packet doesn't seem to have any business on the machine, the kernel drops it before it gets anywhere. That's a pretty good first defense. But if you don't have any services running on network accessible ports, those packets aren't going to have anywhere to go either. And even if you are running services (which you might punch through the firewall anyway), you should have other access control mechanisms (/etc/hosts.allow and /etc/hosts.deny, for example) in place too. The problem is that it's not trivial to make a rule which allows the needed SMB traffic without basically making the whole firewall irrelevant. It requires tracking state, which the current system-config-securitylevel doesn't attempt. (disclaimer: haven't looked extensively at the FC3 one, but I assume it hasn't changed based on the comments of others) The bugzilla entry above links to what will probably be the long-term solution to this -- a smarter firewall. You could implement that sort of thing yourself, but personally, I'd make sure my other system security was in good shape, and not worry about it for now. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>