[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] UDP wide open?!?!?



-----BEGIN PGP SIGNED MESSAGE-----

Hi Anders!

> The documentation in the SuSEfirewall2 script seems to be wrong. It should be
> "dns" not "domain", and ntp doesn't seem to be supported (at least I can't
> find it)

"DNS" is a special value you can use for
FW_ALLOW_INCOMING_HIGHPORTS_UDP.  It will allow access to UDP
ports >= 1023 for the nameservers defined in /etc/resolv.conf only.

As for "UDP wide open": Did you consider the fact that every filtered
UDP port is reported as "open" by an nmap scan?

Andy

- --
Andreas J. Mueller                            email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)

iQC9AwUBPcBsH/obN5o9QdlBAQGItgVAp3pkXOkJ6Bu9PxaL4TYPZ8sMU4m/wzF5
/r8usvPBBICe5dsz5RioMNJh40Ox3xK6/PRMiNGhTzhskQvUJ/fSFu4SZzXahs8O
yWJtoRI0EWbIyr691gn80tbpN78eFkT/QJLcHNBsbPDMX/t2oqY6t4rMZmwzilVG
0Z2pTXw8Xnw+qednaQf16Sbs3WuzcSLphUWYUzsioyHv39y/pH3wILcdbYw6/XYu
=cDMy
-----END PGP SIGNATURE-----


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here