Why are these ports open in iptables on new FC4 install?

Scot L. Harris webid at cfl.rr.com
Sat Feb 11 23:58:07 UTC 2006


Finally upgraded my main system to FC4.  This was a clean install from
CD.  yum update completed over night.  I noticed the following entries
in the iptables rules:

-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Looked through the release notes and did not see anything related to
ports 5353, 50, 51, or 631.

Why is port 5353 open by default?  From searching around this appears to
have something to do with multicast DNS which seems to be tied to Apple
iTunes.  I don't believe I installed anything that would need access to
Apple iTunes.

I also don't understand why ports 50 and 51 are open.  I don't plan on
setting up a VPN at the moment and I don't know why these would be open
by default on a new install.

I'm also wondering about port 631 being open by default.  I know this is
used for IPP printing but I have not set up this machine to provide print
services yet.

Is there a Bugzilla entry on closing these?  Or is there a reason these
ports are left open?
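The following script is an added example, not code from the original post or from Fedora. It parses the RH-Firewall-1-INPUT rules pasted above (embedded here as constructed sample input) and describes what each ACCEPT rule actually opens. The point it makes for an audit like this one: `-p 50` and `-p 51` are IANA IP protocol numbers (ESP and AH, the two IPsec protocols), not TCP/UDP ports, and the 5353 rule is limited to the mDNS multicast address 224.0.0.251 rather than the host's own address. The protocol and service names in the tables are standard IANA assignments; the parser only understands the handful of options that appear in these rules.

```python
import shlex

# Constructed sample: the RH-Firewall-1-INPUT rules quoted in the post above.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# IANA IP protocol numbers: a numeric -p value selects a whole protocol, not a port.
IP_PROTOCOLS = {
    "50": "ESP (IPsec encrypted payload)",
    "51": "AH (IPsec authentication header)",
}

# Well-known services for the (protocol, port) pairs that appear in the rules.
SERVICES = {
    ("udp", "5353"): "mDNS",
    ("udp", "631"): "IPP (CUPS)",
    ("tcp", "22"): "SSH",
    ("tcp", "80"): "HTTP",
    ("tcp", "25"): "SMTP",
}


def parse_rule(line):
    """Turn one iptables-save style rule into a dict of the options we care about."""
    toks = shlex.split(line)
    rule = {"chain": None, "proto": None, "dport": None, "dst": None,
            "iface": None, "target": None, "states": None}
    flags = {"-A": "chain", "-p": "proto", "--dport": "dport", "-d": "dst",
             "-i": "iface", "-j": "target", "--state": "states"}
    i = 0
    while i < len(toks):
        if toks[i] in flags:
            rule[flags[toks[i]]] = toks[i + 1]
            i += 2
        else:
            i += 1  # -m, --icmp-type any, --reject-with ...: irrelevant here
    return rule


def classify(rule):
    """Say what an ACCEPT rule admits: a whole IP protocol, a port, or replies only."""
    if rule["target"] != "ACCEPT":
        return "not an accept rule"
    if rule["iface"] == "lo":
        return "loopback only"
    if rule["states"] and rule["proto"] is None:
        return "stateful: replies to connections this host started"
    if rule["proto"] in IP_PROTOCOLS:
        return f"protocol {rule['proto']} = {IP_PROTOCOLS[rule['proto']]}; not a TCP/UDP port"
    if rule["dport"]:
        svc = SERVICES.get((rule["proto"], rule["dport"]), "unknown service")
        scope = f" to {rule['dst']}" if rule["dst"] else " to any local address"
        return f"{rule['proto']}/{rule['dport']} = {svc}{scope}"
    if rule["proto"] == "icmp":
        return "all ICMP types"
    return "other"


def audit(text):
    """Return (rule line, description) pairs for every non-empty rule line."""
    return [(line, classify(parse_rule(line)))
            for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for line, desc in audit(RULES):
        print(f"{desc:62} <- {line}")
```

An ACCEPT rule only matters if something on the host actually listens for that traffic, so the natural follow-up on the machine itself is to compare the firewall's openings against the listening sockets (for example `netstat -ulnp` / `netstat -tlnp` as root) and against whether any IPsec policy is configured at all; a rule with nothing behind it is simply a larger surface than needed and can be removed from the firewall configuration.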



