home user via users <users@lists.fedoraproject.org> wrote:
> > # firewall-cmd --list-all
> > FedoraWorkstation (default, active)
> >   target: default
> >   ingress-priority: 0
> >   egress-priority: 0
> >   icmp-block-inversion: no
> >   interfaces: eno1
> >   sources:
> >   services: dhcpv6-client samba-client ssh
> >   ports: 1025-65535/udp 1025-65535/tcp
> >   protocols:
> >   forward: yes
> >   masquerade: no
> >   forward-ports:
> >   source-ports:
> >   icmp-blocks:
> >   rich rules:
> > #

Jonathan Billings:
> Let me get this straight….
>
> You’ve posted both your user’s and root’s hashed passwords to a
> public list, AND mentioned that you’ve got ssh open to the world. I
> imagine your email headers probably also have your IP.
> Well…

Hmm, I hadn't noticed that he'd posted that password info, I just glossed over that post, though I do wonder how useful it actually is. But, fair enough, he should change it, I'm assuming he didn't just fake a hash for the post. If I had to post some example like that I just finger-dance random keys over the keyboard to fake one.

I was under the impression that they wouldn't have SSH running, though, as it's a service that usually wasn't on by default. And their list of listening services confirmed it wasn't. A firewall list saying *that* port isn't blocked doesn't mean there's a service listening. Though I would have hoped the default firewall options would have blocked that service.

I can't say I was that impressed by Fedora's firewall back when I was on dial-up (many years ago) and the internet had a direct connection to me. The default rule was accept rather than block.

I used to have a script for my firewall, it set the defaults to block, then poked some specific allows through to suit my needs. Any time I wanted to change something, I edited the script and re-ran it. I could understand it, and was going to get consistent results from my script being applied.

Looking at the current configurators for the firewall does present a bewildering list of options, and the help webpages for the firewall are quite academic. There's probably an argument for one of those wizard-style configurators for setting up your firewall. It doing a quick assessment of the services you have running, with some *explained* suggestions for some ports you might want to open, and ones you probably want closed.

--
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
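
The distinction drawn in the message above (a port the zone allows is only exposure if something is listening behind it), as an added example that is not part of the original thread: it cross-checks the quoted `firewall-cmd --list-all` zone against a listening-socket list. The `ss -Htuln` sample is constructed, the service-to-port table is an assumption about the stock firewalld service definitions, and the function names are hypothetical.

```python
import re

# Zone listing as quoted in the message, trimmed to the two relevant keys.
ZONE = """\
FedoraWorkstation (default, active)
  services: dhcpv6-client samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
"""
# Constructed `ss -Htuln` output; these sockets are not from the thread.
SOCKETS = """\
udp UNCONN 0 0      0.0.0.0:5353  0.0.0.0:*
udp UNCONN 0 0    127.0.0.1:323   0.0.0.0:*
tcp LISTEN 0 128  127.0.0.1:631   0.0.0.0:*
tcp LISTEN 0 4096   0.0.0.0:40123 0.0.0.0:*
tcp LISTEN 0 4096      [::]:40123    [::]:*
"""
# Assumed port definitions for the three services named in the zone.
SERVICE_PORTS = {"ssh": ["22/tcp"], "dhcpv6-client": ["546/udp"],
                 "samba-client": ["137/udp", "138/udp"]}

def allowed(zone):
    """Return (label, low, high, proto) for every opening in the zone."""
    keys = dict(re.findall(r"^[ \t]*(services|ports):[ \t]*(.*)$", zone, re.M))
    specs = [(p, p) for p in keys.get("ports", "").split()]
    for svc in keys.get("services", "").split():
        specs += [(svc, p) for p in SERVICE_PORTS.get(svc, [])]
    rules = []
    for label, spec in specs:
        rng, proto = spec.split("/")
        low, _, high = rng.partition("-")
        rules.append((label, int(low), int(high or low), proto))
    return rules

def listeners(ss_out):
    """Return (proto, address, port) for each non-loopback listening socket."""
    socks = []
    for line in filter(None, map(str.split, ss_out.splitlines())):
        addr, _, port = line[4].rpartition(":")
        if not (addr.startswith("127.") or addr == "[::1]"):
            socks.append((line[0], addr, int(port)))
    return socks

def audit(zone, ss_out):
    """Return (reachable listeners, openings with nothing listening behind them)."""
    rules, socks = allowed(zone), listeners(ss_out)
    hit = lambda r, s: r[3] == s[0] and r[1] <= s[2] <= r[2]
    reachable = sorted({(s[0], s[2]) for s in socks if any(hit(r, s) for r in rules)})
    used = {r[0] for r in rules if any(hit(r, s) for s in socks)}
    return reachable, sorted({r[0] for r in rules} - used)

if __name__ == "__main__":
    print(audit(ZONE, SOCKETS))
```

With the constructed sockets, the ssh opening comes back as unused, while the two high-port listeners are reachable only because of the 1025-65535 ranges.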