[Techtalk] Firewall settings
Carla Schroder
carla at bratgrrl.com
Mon Jan 16 07:00:04 EST 2006
On Saturday 14 January 2006 15:55, David Sumbler wrote:
> When I execute 'iptables -L -b' on my Fedora Core 4 system the output
> includes these lines:
>
> target prot opt in  out source   destination
> ACCEPT udp  --  any any anywhere 224.0.0.251  udp dpt:5353
> ACCEPT udp  --  any any anywhere anywhere     udp dpt:ipp
> REJECT all  --  any any anywhere anywhere     reject-with icmp-host-prohibited
>
> I have omitted the "pkts" and "bytes" columns; there was traffic
> relating to lines 1 and 3, but not to line 2.
>
> What is port 5353, and why is it open for traffic to 224.0.0.251?
> What does that IP address represent?

That's a multicast port for ZeroConf, I believe. It's also used for iTunes,
which doesn't sound applicable to Fedora. Check in /etc/services to see what
it says.

>
> Ipp seems to be internet printing protocol; why would I need this
> port (631) open?
>
That's the CUPS port, and it needs to be open for printing to work. Access
controls are in cupsd.conf. This is a barebones config that allows only local
printing:

    LogLevel info
    Port 631
    <Location />
      Order Deny, Allow
      Deny From All
      Allow From 127.0.0.1
    </Location>

To share it over a network, add an allow directive for the LAN and a broadcast
address, like

    LogLevel info
    Port 631
    <Location />
      Order Deny, Allow
      Deny From All
      Allow From 127.0.0.1
      Allow From 192.168.1.*
    </Location>
    BrowseAddress 192.168.1.255

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
check out my "Linux Cookbook", the ultimate Linux user's
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
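
Added example (not part of the original message, and not CUPS code): a small Python model of how the two <Location /> blocks above decide which client addresses may use the printer. The function names are hypothetical, and the Order handling is a simplified reading of the cupsd.conf documentation that covers only the pattern forms shown in the message.

```python
import re

# The two cupsd.conf variants from the message above, directives as posted.
LOCAL_ONLY = """\
LogLevel info
Port 631
<Location />
Order Deny, Allow
Deny From All
Allow From 127.0.0.1
</Location>
"""
LAN_SHARED = LOCAL_ONLY.replace(
    "</Location>", "Allow From 192.168.1.*\n</Location>\nBrowseAddress 192.168.1.255")

def parse_root_location(conf):
    """Return (order, deny_patterns, allow_patterns) for <Location />."""
    order, deny, allow, inside = "deny,allow", [], [], False
    for line in (l.strip() for l in conf.splitlines()):
        if line.lower() == "<location />":
            inside = True
        elif line.lower() == "</location>":
            inside = False
        elif inside and (m := re.match(r"order\s+(\w+)\s*,\s*(\w+)$", line, re.I)):
            order = f"{m.group(1)},{m.group(2)}".lower()
        elif inside and (m := re.match(r"(allow|deny)\s+from\s+(\S+)$", line, re.I)):
            (allow if m.group(1).lower() == "allow" else deny).append(m.group(2))
    return order, deny, allow

def matches(pattern, addr):
    """Match the pattern forms used on this page: All, a literal IP, or a.b.c.*"""
    if pattern.lower() == "all":
        return True
    if pattern.endswith(".*"):
        return addr.startswith(pattern[:-1])   # keep the trailing dot
    return addr == pattern

def client_allowed(conf, addr):
    """Simplified model of Order: the keyword listed second has the last word."""
    order, deny, allow = parse_root_location(conf)
    hit_deny = any(matches(p, addr) for p in deny)
    hit_allow = any(matches(p, addr) for p in allow)
    if order == "deny,allow":          # default allow, Deny lines, then Allow lines
        return hit_allow or not hit_deny
    return hit_allow and not hit_deny  # allow,deny: default deny, Deny lines win

if __name__ == "__main__":
    for name, conf in (("local-only", LOCAL_ONLY), ("LAN-shared", LAN_SHARED)):
        for ip in ("127.0.0.1", "192.168.1.50", "192.168.10.5"):
            print(name, ip, "allow" if client_allowed(conf, ip) else "deny")
```

The probe address 192.168.10.5 is a constructed sample showing that the 192.168.1.* pattern does not also admit neighbouring subnets.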