Samba & IPTables
Dag Wieers
dag at wieers.com
Fri Aug 1 16:44:28 UTC 2003
On Fri, 1 Aug 2003, Epps, Aaron M. wrote:
PLEASE WRAP YOUR LINES at less than 80 characters per line.
> This suggestion is for "Home Users"... If someone's a SysAdmin and you
> have issues with figuring out Samba & IPTables then you shouldn't be
> one.
>
> IPTables are enabled by default, how is a user going to know that they
> have to stop the iptables service in order for Network Browsing to work?
>
> Also, I don't think just shutting off IPTables is a suitable solution,
> and even if they did shut off IPTables how many people do you know that
> have physical firewalls setup at home? If you also read my note, I
>suggested prompting the user if they wanted to open these ports, not to
> automagiclly go ahead an do it without their knowledge.
Maybe a personal firewall approach is needed. Just like it pop-ups a
yes/no dialog box for every outgoing or incoming connection such a program
could pop-up and ask to allow incoming calls for certain listen ports.
(The moment a program listens on a port an event is triggered)
And then you can decide to allow it from a single address, a network
range or decide to allow it on a case by case basis.
That's probably what 'Home Users' would expect anyway. The current
iptables firewall from Red Hat is a basic tool and limited in
functionality.
Kind regards,
-- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]
More information about the fedora-list
mailing list