Firewall and user services that needs open ports

Izhar Firdaus kagesenshi.87 at gmail.com
Mon Jun 23 01:56:50 UTC 2008


On Mon, Jun 23, 2008 at 3:06 AM, Andrew Farris <lordmorgul at gmail.com> wrote:
>
> There is no service which requires a firewall to be turned off... that does
> not exist.  What they require is configuration to function with the firewall
> on. Improvement of the firewall configuration tool would certainly be a good
> step forward, and perhaps more automated configuration via upnp, but turning
> it off is definitely the wrong move... no matter what service you're trying
> to get through it.
>

err, well, yeah, - firewall turned off or port opened - .. I know I
can use netstat -nap to find what ports that i need to open, but
JoeRandom can't do that ..  I didn't suggest turning off the firewall,
I really believe Fedora would never do that .. My question was, are
there any plans for handling such purpose .. because so far, the only
approach that i've seen is to disable the firewall - which is rather
an ugly move ..

On Mon, Jun 23, 2008 at 4:53 AM, Chuck Anderson <cra at wpi.edu> wrote:
> Why do we need a firewall when you can easily prevent services from
> being accessed...just stop the service!  Don't bind to the port, and
> it won't be possible to connect to it.
>

because JoeRandom don't know what daemon to turn on, and what daemon
to turn off.. he will turn on whatever daemon the found/install .. and
because binding port > 1024 doesnt need root, who knows what
(malicious) software might be utilizing those high ports ..

-- 
Mohd Izhar Firdaus Bin Ismail
Amano Hikaru
天野晃 「あまの ひかる」
http://fedoraproject.org/wiki/MohdIzharFirdaus
http://blog.kagesenshi.org
92C2 B295 B40B B3DC 6866 5011 5BD2 584A 8A5D 7331




More information about the fedora-devel-list mailing list