Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-15 Thread Jiri Popelka
On 03/08/2012 02:53 PM, Tore Anderson wrote:
> The best solution would obviously be to just fix the default firewall in Fedora too, but the firewall infrastructure maintainer is refusing to make that change. In short, he doesn't seem likely to change his mind any time soon.
He actually did :-)

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-15 Thread Dan Williams
On Thu, 2012-03-15 at 18:33 +0100, Jiri Popelka wrote:
> On 03/08/2012 02:53 PM, Tore Anderson wrote:
> > The best solution would obviously be to just fix the default firewall in Fedora too, but the firewall infrastructure maintainer is refusing to make that change. In short, he doesn't seem

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-08 Thread Jiri Popelka
On 03/07/2012 10:55 PM, Tore Anderson wrote:
> 3) I saw the following error message appear in the logs a few times:
> warn (p17p1) firewall zone add/change failed: (32) ZONE_ALREADY_SET
It happens when you for example restart NM and it tells firewalld to add interface to zone, but firewalld

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-08 Thread Tore Anderson
* Ludwig Nussel
> Uh, ssh would probably be the last thing I'd allow in the public zone by default :-)
Fully agreed. On hosts that have the SSH daemon open from the world, I see a constant stream of brute force attacks on it. DHCP (both versions) appears to be left alone by attackers, on the

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Ludwig Nussel
Jiri Popelka wrote:
> Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response
That looks odd to me. Why doesn't the zone config already allow dhcpv6 by default?
cu
Ludwig
-- (o_ Ludwig Nussel //\ V_/_

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Jiri Popelka
On 03/07/2012 10:26 AM, Ludwig Nussel wrote:
> Jiri Popelka wrote:
> > Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response
> That looks odd to me. Why doesn't the zone config already allow dhcpv6 by default?
That

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Ludwig Nussel
Jiri Popelka wrote:
> On 03/07/2012 10:26 AM, Ludwig Nussel wrote:
> > Jiri Popelka wrote:
> > > Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response
> > That looks odd to me. Why doesn't the zone config already allow dhcpv6

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Tore Anderson
* Jiri Popelka Yes and thank *you* to the outstanding work you've done in RHBZ#538499. Just a few itsy bitsy teenie weenie patches left to apply before NM/Fedora's IPv6 support is on par with Windows' and Mac OS X's... We are talking about FirewallD [1] which should [2] be the default

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-06 Thread Tore Anderson
Hi Jiri,
> Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response because dhcp client keeps sending Solicit messages until it gets the response (i.e. until firewall opens the port).
Thank you very much for looking

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-06 Thread Jiri Popelka
On 03/06/2012 09:03 AM, Tore Anderson wrote:
> Hi Jiri,
> > Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response because dhcp client keeps sending Solicit messages until it gets the response (i.e. until firewall opens

[PATCH] firewall-manager: allow dhcpv6-client service

2012-03-05 Thread Jiri Popelka
Tell firewall to allow dhcpv6-client service for the given zone prior to starting dhcpv6 client. We don't need to wait for the response because dhcp client keeps sending Solicit messages until it gets the response (i.e. until firewall opens the port).
---
src/Makefile.am