redhat-config-securitylevel vs redhat-config-firewall?
Tommy McNeely
Tommy.McNeely at Sun.com
Tue Oct 7 04:11:06 UTC 2003
WOW! I can actually use the built-in firewall right out of the box (for my
laptop anyhow)... although I don't recall the option to allow IPsec VPN
traffic, it's in there (50 & 51 below), and RELATED,ESTABLISHED! YAY!

However, I question the allowing of ALL ICMP traffic in?

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

I usually only allow "related/established" and don't have any troubles
... actually a lot of the dumber viruses/worms pass me by 'cause I respond
with an error on ICMP echo. Of course they can't infect me, and I don't
know if allowing all ICMP traffic even poses a vulnerability, but I have
always blocked it?

Also, why is it called redhat-config-securitylevel, when all it really
configures is the firewall... wouldn't it make more sense to be called
redhat-config-firewall? Isn't that what it used to be called? What other
security level stuff does it configure? :)

(IPsec VPN traffic)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

Tommy
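
A small audit of the rules quoted in the message above, added here as an example (not part of the original post and not code from redhat-config-securitylevel): it labels each ACCEPT rule by what it admits, so an all-types ICMP accept stands out from the IPsec rules (protocols 50 and 51, ESP and AH) and from conntrack return traffic. The function names and the last two sample rules are assumptions constructed for illustration.

```python
import shlex

# IP protocol numbers used by the rules quoted in the message.
PROTO_NAMES = {"1": "icmp", "50": "esp", "51": "ah"}

# First three rules are quoted from the message; the last two are constructed
# for illustration and are not Red Hat's generated output.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j ACCEPT
"""

def parse_rule(line):
    """Pull chain, protocol, ICMP type, conntrack states and target from one '-A' line."""
    rule = {"chain": None, "proto": None, "icmp_type": None, "states": set(), "target": None}
    tokens = shlex.split(line)
    for opt, val in zip(tokens, tokens[1:]):
        if opt == "-A":
            rule["chain"] = val
        elif opt in ("-p", "--protocol"):
            rule["proto"] = PROTO_NAMES.get(val, val.lower())
        elif opt == "--icmp-type":
            rule["icmp_type"] = val
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt in ("-j", "--jump"):
            rule["target"] = val
    return rule

def classify(rule):
    """Label what an ACCEPT rule lets in; None for any non-ACCEPT rule."""
    if rule["target"] != "ACCEPT":
        return None
    # Rules limited to tracked connections only admit replies and related errors.
    if rule["states"] & {"RELATED", "ESTABLISHED"} and "NEW" not in rule["states"]:
        return "conntrack-replies"
    if rule["proto"] == "icmp":
        # No type, or the literal 'any', matches every ICMP message.
        return "icmp-all" if rule["icmp_type"] in (None, "any") else "icmp-" + rule["icmp_type"]
    if rule["proto"] in ("esp", "ah"):
        return "ipsec-" + rule["proto"]
    return "other"

def audit(text):
    """Return (label, rule line) for each ACCEPT rule in iptables-save text."""
    rules = [l.strip() for l in text.splitlines() if l.strip().startswith("-A ")]
    return [(lab, l) for l in rules if (lab := classify(parse_rule(l))) is not None]
```

Calling `audit()` on the text of a saved ruleset returns one label per ACCEPT rule; negated matches (`!`) are not interpreted by this sketch.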