[Techtalk] Firewall settings
Dominik Schramm
dominik.schramm at slivery.cotse.net
Sun Jan 15 22:18:26 EST 2006
Hi David,
please consider this a "fallback" answer, in case no-one more
knowledgeable replies... ;-)
David Sumbler <david at aeolia.co.uk> wrote:
> When I execute 'iptables -L -b' on my Fedora Core 4 system the output
> includes these lines:
>
> target     prot opt in     out    source     destination
>
> ACCEPT     udp  --  any    any    anywhere   224.0.0.251  udp dpt:5353
> ACCEPT     udp  --  any    any    anywhere   anywhere     udp dpt:ipp
> REJECT     all  --  any    any    anywhere   anywhere     reject-with icmp-host-prohibited
>
> I have omitted the "pkts" and "bytes" columns; there was traffic
> relating to lines 1 and 3, but not to line 2.
IPP is used by cups. If you don't print anything, then there is no
traffic to this port.
> What is port 5353, and why is it open for traffic to 224.0.0.251?
> What does that IP address represent?
224.0.0.251 is a multicast IP, belonging to a "link-local group",
i.e. the traffic is not forwarded outside the local network.
For details see
http://www.iana.org/assignments/multicast-addresses
and
http://www.rfc-editor.org/rfc/rfc3171.txt
You can try to ping it, and you may get a reply from all or some or
none of the members of this multicast group.
The IANA document mentioned above says that the multicast address you
see is assigned for "Multicast DNS", see here for details:
http://www.multicastdns.org/
> Ipp seems to be internet printing protocol; why would I need this
> port (631) open?
IMHO you don't need to have it open to the whole network iff one of
the following applies:
1. You don't print at all.
2. You don't use CUPS. (I *think* lpr and lprng do it differently, not
using ipp.)
3. You only print locally (on your own computer) and you replace that
rule by one allowing only traffic from localhost to localhost, ipp
port, or from yourhostname to yourhostname or combinations thereof.
regards,
dominik
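As an added example (not from the thread or either poster), a small Python checker that parses the rule listing quoted above, treats the 224.0.0.0/24 link-local multicast block described in the cited IANA list and RFC 3171 as not reachable from off-link, and flags ACCEPT rules that take traffic from anywhere, i.e. the ipp rule that point 3 suggests narrowing to localhost. The sample rules are constructed from the quoted output; the loopback-only replacement it prints assumes iptables' `-i lo` and `--dport` syntax.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: the three rules quoted in the question, in
# 'iptables -L' layout with the pkts/bytes columns omitted as in the post.
SAMPLE_RULES = """\
target     prot opt in     out    source     destination
ACCEPT     udp  --  any    any    anywhere   224.0.0.251  udp dpt:5353
ACCEPT     udp  --  any    any    anywhere   anywhere     udp dpt:ipp
REJECT     all  --  any    any    anywhere   anywhere     reject-with icmp-host-prohibited
"""

# Local Network Control Block (RFC 3171): routers do not forward it,
# so a rule accepting traffic to this range is only reachable on-link.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")


@dataclass
class Rule:
    target: str
    proto: str
    source: str
    destination: str
    extra: str  # match text after the destination column, e.g. "udp dpt:ipp"


def parse_iptables_list(text):
    """Parse 'iptables -L' rows (header skipped) into Rule objects."""
    rules = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 7)
        if len(parts) < 7:
            continue
        target, proto, _opt, _in, _out, src, dst = parts[:7]
        rules.append(Rule(target, proto, src, dst, parts[7] if len(parts) > 7 else ""))
    return rules


def is_link_local_multicast(dest):
    try:
        return ipaddress.ip_address(dest) in LINK_LOCAL_MCAST
    except ValueError:  # 'anywhere' or a hostname rather than an address
        return False


def broad_accepts(rules):
    """ACCEPT rules open from any source to a non-link-local destination."""
    return [r for r in rules if r.target == "ACCEPT" and r.source == "anywhere"
            and not is_link_local_multicast(r.destination)]


def localhost_only_rule(rule):
    """Suggested loopback-only replacement (assumed syntax) for a 'dpt:' rule."""
    port = rule.extra.split("dpt:")[1].split()[0]
    return f"iptables -A INPUT -i lo -p {rule.proto} --dport {port} -j ACCEPT"
```

Running `broad_accepts(parse_iptables_list(SAMPLE_RULES))` returns only the ipp rule, since the mDNS rule's destination is inside the link-local block.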