pmfirewall, as long as you chose not to open the ports during the install, blocks external traffic to ports 5999:6003--XServer. Actually, I don't see the XFS port listed in the pmfirewall.conf file, but neither is it listed in my open/listening ports. NFS, on 2049, is blocked by pmfirewall because I elected to close it.

If you are paranoid about ports being left open, pmfirewall.conf has examples of ipchains rules which you can copy, paste, and edit to match your needs/desires. I, either like an idiot with nothing better to do, or a madly anal bastard with nothing better to do, went through my pmfirewall.conf file just yesterday, and added to it all the ports for known trojans (linux, windows and otherwise), one by freakin' one of them, and now have a list of ipchains rules a mile and a half long!

Of course, you can do this as well... or ask me to e-mail the damned thing to you so you don't have to type it all--I just hope I don't get an onslaught of requests that outnumbers the unread messages I have from this very mailing list! :-)

--Greg

----- Original Message -----
From: "Ron Johnson, Jr." <[EMAIL PROTECTED]>

>
> Well that's pretty bad. I used PMFirewall to set up my ipchains
> commands, but apparently it has left some things out... It
> was my assumption that PMFirewall blocked everything then
> allowed only certain ports in...
>
> Ron
>
> Matthew Micene wrote:
> >
> > On Mon, 11 Sep 2000, you wrote:
> > > Since the foreign address is 0.0.0.0, does that mean that these
> > > ports are accessible by the world? Port 515 is the print
> > > spooler, so it sounds bad that that should be world accessible.
> >
> > You'd better believe it. And if you want it to get worse, open an X
> > Window session and watch X pop up on port 6000 and xfs on port 2046 I
> > think. This is why EVERYONE running a linux box (at home or otherwise)
> > needs to have a firewall installed of some sort. One solution is
> > tcpserver as a replacement for inet super server because it supports
> > binding to a specific interface or address. It is limited in the fact
> > that it only handles TCP protocols.
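An added example, not part of the original thread: a Python check for the situation discussed above, which lists TCP listeners bound to 0.0.0.0 and reports those not covered by the blocked port ranges the thread mentions (5999:6003 and 2049). The netstat sample is constructed and all function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -tln` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
"""

# Port ranges the thread says pmfirewall blocks when the ports are left closed.
BLOCKED_RANGES = [(5999, 6003), (2049, 2049)]


def parse_listeners(text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # skips the banner, the column header and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        yield ipaddress.ip_address(addr), int(port)


def scope(addr):
    """Classify a bind address by how widely the socket is reachable."""
    if addr.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "single-address"          # still reachable on that one interface


def is_blocked(port, ranges=BLOCKED_RANGES):
    return any(lo <= port <= hi for lo, hi in ranges)


def exposed_ports(text, ranges=BLOCKED_RANGES):
    """Ports bound to every interface that no block rule covers."""
    return sorted(port for addr, port in parse_listeners(text)
                  if scope(addr) == "all-interfaces" and not is_blocked(port, ranges))


if __name__ == "__main__":
    for addr, port in parse_listeners(SAMPLE_NETSTAT):
        status = "blocked" if is_blocked(port) else "not blocked"
        print(f"{port:>5}  {scope(addr):<15} {status}")
    print("exposed:", exposed_ports(SAMPLE_NETSTAT))
```

On the constructed sample only port 515 is reported, since 6000 and 2049 fall inside the blocked ranges and the other two listeners are bound to specific addresses.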
