On Saturday, March 11, 2017 at 11:52:22AM +0100, Oliver Grawert wrote:
> > > > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> > > > tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
> > > > tcp6 0 0 :::22 :::* LISTEN
> > > >
> > >
> > ...
> >
> > That's why I requested some kind of firewall
> > rules to limit access to such ports based on source IP addr, for
> > example.
>
> just limit the client ip range in the sshd conf ...

This is in a read only file system.

> as others mentioned the only port that is open by default for an end-user
> is port 53 listening to requests coming from localhost. given that
> all other ports are closed a firewall gains you exactly nothing except
> complexity and the danger that you mess up configuring it ...

ofc, this should have a default config (all prohibited) and only experts
would open what they think they need;

> while the phone is mostly used by developers, the focus of the system
> ...
>
> also ... why would you keep ssh running when not actively developing ?
> it is surely nothing you should keep constantly running while not using
> the phone in development mode if you are seriously concerned about your
> device security.
>
> these are developer options you should be using while developing,
> nothing the system enables by default.

because I do any transports of files (pictures, downloads, ...) via SSH;

	matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
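Added example, not part of the original message or of Ubuntu Phone: a small audit helper that reads `netstat -ltn` style output and reports which TCP listeners are bound to every interface rather than to loopback only, which is the distinction the thread turns on. The first three sample lines are the ones quoted above; the two port 53 lines and the function names are constructed for illustration.

```python
import ipaddress

# First three lines are the listeners quoted in the thread; the last two are
# constructed here to show loopback-only sockets (the thread mentions port 53).
SAMPLE = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
"""

def classify(local):
    """Split a netstat 'addr:port' field and say who can reach the socket."""
    addr, _, port = local.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop [..] and any %zone suffix
    if addr == "*":                        # some netstat builds print *:22
        return "all-interfaces", int(port)
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        scope = "all-interfaces"
    elif ip.is_loopback:                   # 127.0.0.0/8 or ::1
        scope = "loopback"
    else:
        scope = "single-address"
    return scope, int(port)

def exposed_listeners(netstat_text):
    """Return sorted (port, proto) pairs that listen on every interface."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        if not fields[0].startswith("tcp"):
            continue
        try:
            scope, port = classify(fields[3])
        except ValueError:
            continue  # header line or an address this sketch cannot parse
        if scope == "all-interfaces":
            found.add((port, fields[0]))
    return sorted(found)

if __name__ == "__main__":
    for port, proto in exposed_listeners(SAMPLE):
        print(f"{proto} port {port} accepts connections on every interface")
```
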