[CentOS] Default Firewall Entries

Mickael Maddison mike at kamloopsbc.com
Mon Apr 11 19:05:04 UTC 2005


Hello Johnny,

Thanks for the great links.  Looks like I can safely dump these two.

-- 
Best regards,
 Mickael
 mailto:mike at kamloopsbc.com


Monday, April 11, 2005, 3:22:49 AM, you wrote:

JH> On Sun, 2005-04-10 at 20:24 -0700, Mickael Maddison wrote:
JH> {snip}
>> I'm curious... there seems to be a couple of default firewall rules
>> that I'm not familiar with in the CentOS 4.0

JH> These are also present in RHEL-4 and FC-3 from RedHat :)

JH> {snip}
>> Particularly, the 5353 udp allowing from 224.0.0.251 and the 631 udp.
>> Anyone know what these are for, and if they should be disabled?

JH> The 5353 udp is multicast DNS (or mDNS for short) ... here are a couple
JH> links:
JH> http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
JH> http://www.multicastdns.org/


JH> The 631 udp port is for "Internet Printing Protocol".  It is how cupsd
JH> sees external printers. Here are some details:
JH> http://mirror.centos.org/centos/4/docs/html/rhel-sag-en-4/s1-printing-sharing.html
JH> -------------------------------------------
JH> Also ... specifically from the RHEL-4 release notes:

JH> "system-config-securitylevel

JH> The firewall constructed by the system-config-securitylevel
JH> configuration tool now allows CUPS and Multicast DNS (mDNS) browsing.
JH> Note that, at the present time, these services cannot be disabled by
JH> system-config-securitylevel."
JH> -------------------------------------------
JH> SO ... if the box needs to do either mDNS or CUPS printer browsing, you
JH> need them enabled.  If not, you can remove them.

JH> Thanks,
JH> Johnny Hughes




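Added example, not part of the original thread: a small audit that flags the two rules discussed above (udp ACCEPT for port 5353, mDNS, and port 631, CUPS/IPP browsing) in iptables-save-style text and returns the ruleset without them. The sample ruleset is constructed for illustration, and the function names are hypothetical.

```python
import shlex

# Ports named in the thread: 5353/udp (mDNS) and 631/udp (CUPS/IPP browsing).
BROWSE_PORTS = {"5353": "mDNS", "631": "CUPS/IPP browsing"}

# Constructed sample in iptables-save format; not copied from a real host.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def option(tokens, *names):
    """Return the value following the first matching option, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def classify(line):
    """Return the service label for a udp ACCEPT rule on a browse port, else None."""
    tokens = shlex.split(line)
    # Skip table headers, chain policies, COMMIT, and non-matching rules.
    if (not tokens or tokens[0] != "-A"
            or option(tokens, "-j", "--jump") != "ACCEPT"
            or option(tokens, "-p", "--protocol") != "udp"):
        return None
    return BROWSE_PORTS.get(option(tokens, "--dport", "--destination-port"))

def split_ruleset(text):
    """Return (findings, kept_text): flagged rules and the ruleset without them."""
    findings, kept = [], []
    for line in text.splitlines():
        label = classify(line)
        if label:
            findings.append((label, line))
        else:
            kept.append(line)
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    for label, rule in split_ruleset(SAMPLE_RULES)[0]:
        print(f"{label}: {rule}")
```

Review the flagged lines before loading the filtered text back with iptables-restore, since a host that does use mDNS or CUPS printer browsing still needs them.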




