Just out of curiosity: which ports do i have to open to make it work? ons, 20.10.2004 kl. 20.26 skrev Matthew Miller: > On Wed, Oct 20, 2004 at 08:17:51PM +0200, Patrick wrote: > > >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918 > > Yes, it was the firewall issue. I opened smb ports and it worked fine, > > but isn't that less secure? > > Marginally. The firewall is based on a packet filter -- if an incoming > packet doesn't seem to have any business on the machine, the kernel drops it > before it gets anywhere. That's a pretty good first defense. But if you > don't have any services running on network accessible ports, those packets > aren't going to have anywhere to go either. And even if you are running > services (which you might punch through the firewall anyway), you should > have other access control mechanisms (/etc/hosts.allow and /etc/hosts.deny, > for example) in place too. > > The problem is that it's not trivial to make a rule which allows the needed > SMB traffic without basically making the whole firewall irrelevant. It > requires tracking state, which the current system-config-securitylevel > doesn't attempt. (disclaimer: haven't looked extensively at the FC3 one, but > I assume it hasn't changed based on the comments of others) > > The bugzilla entry above links to what will probably be the long-term > solution to this -- a smarter firewall. You could implement that sort of > thing yourself, but personally, I'd make sure my other system security was > in good shape, and not worry about it for now. > -- > Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> > Boston University Linux ------> <http://linux.bu.edu/>