Re: Network Servers (where is my workgroup?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Just out of curiosity: which ports do i have to open to make it work?

ons, 20.10.2004 kl. 20.26 skrev Matthew Miller:
> On Wed, Oct 20, 2004 at 08:17:51PM +0200, Patrick wrote:
> > >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918
> > Yes, it was the firewall issue. I opened smb ports and it worked fine, 
> > but isn't that less secure?
> 
> Marginally. The firewall is based on a packet filter -- if an incoming
> packet doesn't seem to have any business on the machine, the kernel drops it
> before it gets anywhere. That's a pretty good first defense. But if you
> don't have any services running on network accessible ports, those packets
> aren't going to have anywhere to go either. And even if you are running
> services (which you might punch through the firewall anyway), you should
> have other access control mechanisms (/etc/hosts.allow and /etc/hosts.deny,
> for example) in place too.
> 
> The problem is that it's not trivial to make a rule which allows the needed
> SMB traffic without basically making the whole firewall irrelevant. It
> requires tracking state, which the current system-config-securitylevel
> doesn't attempt. (disclaimer: haven't looked extensively at the FC3 one, but
> I assume it hasn't changed based on the comments of others)
> 
> The bugzilla entry above links to what will probably be the long-term
> solution to this -- a smarter firewall. You could implement that sort of
> thing yourself, but personally, I'd make sure my other system security was
> in good shape, and not worry about it for now.
> -- 
> Matthew Miller           mattdm@xxxxxxxxxx        <http://www.mattdm.org/>
> Boston University Linux      ------>                <http://linux.bu.edu/>


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]