fedora 10 avahi & firewall weirdness

Ignacio Vazquez-Abrams ivazqueznet at gmail.com
Fri Nov 14 23:18:10 UTC 2008


On Fri, 2008-11-14 at 22:49 +0100, Christoph Höger wrote:
> > I think Fedora 9 firewall would allow avahi discovery packets through
> > by default, Fedora 10 doesn't. You'd need to add the appropriate rules
> > back to allow the avahi traffic through.
> 
> That would be totally sane, and I would understand that, but why are
> packets from the outside allowed and not from the inside? Looks pretty
> useless from a security point of view to me.

mDNS uses a "push" architecture, not a "pull" architecture. Systems
broadcast service availability instead of being polled for it. So when
you query your local mDNS resolver, it checks to see if any services
have been pushed for a given host/service. A non-firewalled system will
see all pushes; a firewalled system will see none.

-- 
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>

PLEASE don't CC me; I'm already subscribed