Why are these ports open in iptables on new FC4 install?

[John Summerfied]

Scot L. Harris wrote:

> Looked through the release notes and did not see anything related to
> ports 5353, 50, 51, or 631.
> 
> Why is port 5353 open by default?  From searching around this appears to
> have something to do with multi cast DNS which seems to be tied to Apple
> iTunes.  I don't believe I installed anything that would need access to
> Apple iTunes.
Nothing to do with ITunes per se. Google for zeroconf, for apple+bonjour 
and apple+rendezvous

A lot of people are likely to want it, and most of those are not 
competent to configure it.
> 
> I also don't understand why ports 50 and 51 are open.  I don't plan on
> setting up a VPN at the moment and I don't know why these would be open
> by default on a new install.

Seems to me if you are one who's using IP6 it's something you'd want. If 
there's no IP6 around in your area, I don't see a problem.

> 
> I'm also wondering about port 631 being open by default.  I know this is
> used for ipp printing but I have not setup this machine to provide print
> services yet.
If you want to print _from_ it I suspect you'll want it. Printing works 
better on my Linux boxes than from my OS X and Windows. Printers come 
and go (as seen from my laptop) depending on which LAN it's on.

If you are not running CUPS, then nobody going to sucessfully send you 
UDP packets tp port 631.

> 
> Is there a bugzilla entry on closing these?  Or is there a reason these
> ports are left open?  
Open ports are perfectly secure if there's nothing listening.
> 

ps
You didn't say what your security setting is.


-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list