Re: [opensuse] Re: Interactive Firewall Needed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Wednesday, 2009-05-06 at 21:11 -0700, Prasun Dhara wrote:

But Just imagine a situation:
--> one person(Not an expert in Linux security) installed linux in his laptop for his personal use
--> For security reason he kept all his port closed in internal and external interface.(by default in open suse all ports are closed in external interface) [Yes its a very good security policy]

-->Now he wants to listen a song.so he needs to run a player(say kaffaine or VLC or amarok etc)These
players also needs some open port.So when ever he tries to run the
application request is silently drops.

I can't imagine a reason why a player would need to open a listening port to internet. Why? Not even if you have to download the music at that instant, like from an online radio, would any action be needed to open a port on the firewall, that's automatic (the connection is initiated from inside, not outside).

There is no port on the outside waiting for a connection, the player is not a server but a client.


--->Now
he wants to chat/voice chat with some one using a VOIP messenger. but
since this program also needs an open port.He cant do voice chat.Even
if all ports are open from internal interface no one from out side call
him since all ports are closed in external interface.[In this situation
do we expect to him to call a *SUPPORT* team and pay them? Isn't it
rediculus to call a security support team to chat with some one ?? ]I

He would need to do a similar action on the internet router. If he knows how to prepare the router, he also knows how to prepare the internal firewall. Plus, that VoIp program would have to document this in detail. Not to forget that some apps, like Skype, do not need any action.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkoDXt4ACgkQtTMYHG2NR9VEyACfbVWra4LG4CE5Y48BDTGv2UI5
8ZsAnjQ/Z7CCp4AoQHfl5m0csAbU/csm
=uemu
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: VNC behind ISA Server
    ... Thanks - our situation is that we click the VNC connector & the external ... programmers pc is "listening in on port 5500" from what I can gather from ... 5900 or you "call" their VNC Viewer in listening mode that listens on port ... If you want this setup you need to pass port 5900 from internet to ...
    (microsoft.public.windows.server.sbs)
  • Re: Disable Port 25
    ... If you have Exchange, it's listening on port 25 on the server, which is ... normal as that's how you're supposed to be receiving Internet mail - I'm ...
    (microsoft.public.windowsxp.security_admin)
  • Re: port 1025 open by svchost.exe, how 2 disable?
    ... "Tony Martin" wrote in message ... > It appear port 1025 is open and listening on my ... > sites connecting to that port ... Security on the Internet". ...
    (alt.computer.security)
  • Re: Novice Questions: Non-Standard Service Listening on Port/Firewalls
    ... > on that one port I have listening a custom service that I wrote in C, ... > the server is directly connected to the Internet for all to see, ...
    (comp.security.misc)
  • Re: port is listening
    ... > out port some ports are already listening even though I haven't opened ... > TCP 0.0.0.0:8431 0.0.0.0:0 LISTENING ... This group relates to linux security (not ...
    (comp.os.linux.security)