firewall changes for F-9+

Tim Niemueller tim at niemueller.de
Mon Jan 21 08:40:45 UTC 2008


I just realized that my previous email was rather short.

The current setup for printing and mDNS is perfect for our desktop
machines. Let me give you a few impressions of the scenario why it fits
so well:

We have a central Fedora-based print-server. This uses cups broadcast
messages to announce printers. A freshly installed desktop or laptop
with udp:631 open will catch these messages and have the printer
available, no configuration needed at all! So this port has to be open
on the clients to get these auto-configure messages!

On our network we make use of mDNS. For example, our robots announce
their services on the network. So in the control application you can
just choose any of the currently available robots and start working, no
typing of a robot name needed.
For servicing it is also good to see VNC hosts in vinagre. No typing, it
just works.

About IPSec I'm not completely sure. But we are using a Cisco VPN
Concentrator with vpnc. I don't know for sure atm if that is tunneled
via UDP or if this needs AH/ESP at all. This should be investigated as
this is a service provided by default via NetworkManager-vpnc!

So I think having these ports open on a freshly installed desktop in
fact makes a lot of sense, because it complements the "just works"
ambitions the desktop has. For the IPSec more investigation would be
needed if the protocols actually need to be open to establish a client
connection.

	Tim

-- 
    Tim Niemueller <tim at niemueller.de>      www.niemueller.de
=================================================================
 Imagination is more important than knowledge. (Albert Einstein)




More information about the fedora-devel-list mailing list