[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Any danger from these ports?

On Mon, 10 Jan 2005 17:19:16 +0000, Luciano Miguel Ferreira Rocha 
> Some server admins don't know how some protocols and application work.
> And I wouldn't want to see FC4 being rated as slow or disfuncional for
> network services by less knowledgeable admins,

I'm perfectly happy with those sorts of people running gentoo.  The
educational issues around selinux have already shaken out a good
number of 'those' people. This change would be a minor pertubation in
comparison i think.

Of course there maybe a default techical solution here... can a
default ipt_recent rule set be constructed to target the most
sensitive ports? Maybe its most reasonable to do this to ssh and the
imap/pop services? Maybe its only reasonable to protect ssh by
default?  Lots of room to provide a default use of ipt_recent that
strikes a compromise to off or on for all ports.  I'm fine with
incremental changes that turn this on for only ssh by default if this
is the most reasonable compromise.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]