[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] UDP wide open?!?!?
-----BEGIN PGP SIGNED MESSAGE-----
> The documentation in the SuSEfirewall2 script seems to be wrong. It should be
> "dns" not "domain", and ntp doesn't seem to be supported (at least I can't
> find it)
"DNS" is a special value you can use for
FW_ALLOW_INCOMING_HIGHPORTS_UDP. It will allow access to UDP
ports >= 1023 for the nameservers defined in /etc/resolv.conf only.
As for "UDP wide open": Did you consider the fact that every filtered
UDP port is reported as "open" by an nmap scan?
Andreas J. Mueller email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
-----END PGP SIGNATURE-----
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here