[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] UDP wide open?!?!?



Hello Andreas

On Thursday 31 October 2002 00.32, Andreas J Mueller wrote:
> Hi Anders!
>
> > The documentation in the SuSEfirewall2 script seems to be wrong. It
> > should be "dns" not "domain", and ntp doesn't seem to be supported (at
> > least I can't find it)
>
> "DNS" is a special value you can use for
> FW_ALLOW_INCOMING_HIGHPORTS_UDP.  It will allow access to UDP
> ports >= 1023 for the nameservers defined in /etc/resolv.conf only.

Yes, but the config file says "Common: "DNS" or "domain ntp"", but both 
"domain" and "ntp" will cause *all* udp ports to be open to *all* hosts, not 
just those in resolv.conf.

Anders

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here