The recent security announcement had zero to do with servers, of course.
Derrick

On Apr 6, 2009, at 9:34 PM, Russ Allbery <[email protected]> wrote:

> Jason Edgecombe <[email protected]> writes:
>
>> In light of the recent security announcement, I would like to review the
>> open firewall ports on my AFS servers.
>>
>> For quick reference, here are the ports from the afsd man page:
>>
>> fileserver 7000/udp
>> cachemanager 7001/udp
>> ptserver 7002/udp
>> vlserver 7003/udp
>> kaserver 7004/udp (not needed with Kerberos v5)
>> volserver 7005/udp
>> reserved 7006/udp (for future use)
>> bosserver 7007/udp
>>
>> Which of these ports need to be open inbound for off-site clients to work
>> properly?
>
> 7000 and 7005 on file servers, 7002 and 7003 on VLDB servers. 7007 only
> if you want to allow bos access from off-site.
>
>> Would it hurt anything to block port 7001 inbound on a fileserver or DB
>> server running an AFS client?
>
> No. You only need port 7001 open to AFS file servers that you want to
> talk to.
>
> --
> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
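
Added example (not part of the original thread or of OpenAFS): a shell function that prints iptables-style inbound rules following the port guidance in the reply quoted above. The function name, the 192.0.2.x addresses and the option to limit 7007 to a source network are assumptions made for illustration; the rules are only printed, not applied.

```shell
#!/bin/sh
# Print (do not apply) inbound UDP rules for an AFS server, per the thread:
#   file servers: 7000, 7005    VLDB/DB servers: 7002, 7003
#   7007 only if bos access is wanted; 7001 only from file servers that
#   this host's own AFS client talks to.
#
# afs_inbound_rules ROLE BOS_SRC CLIENT_PEERS
#   ROLE          fileserver | dbserver | both
#   BOS_SRC       source CIDR allowed to reach bosserver, "" for none
#                 (0.0.0.0/0 would allow bos from off-site)
#   CLIENT_PEERS  space-separated file server addresses, "" if no client
afs_inbound_rules() {
    role=$1
    bos_src=$2
    peers=$3
    case $role in
        fileserver) ports="7000 7005" ;;
        dbserver)   ports="7002 7003" ;;
        both)       ports="7000 7002 7003 7005" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for p in $ports; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # bosserver: opened only when a source network is given
    if [ -n "$bos_src" ]; then
        echo "-A INPUT -p udp -s $bos_src --dport 7007 -j ACCEPT"
    fi
    # cache manager port: accepted only from the named file servers
    for fs in $peers; do
        echo "-A INPUT -p udp -s $fs --dport 7001 -j ACCEPT"
    done
    # The rest of the listed range (7001 from anyone else, kaserver 7004,
    # reserved 7006, bos when not enabled) is dropped.
    echo "-A INPUT -p udp --dport 7000:7007 -j DROP"
}

# Constructed sample: a DB server that also runs an AFS client and talks
# to two file servers (documentation addresses from RFC 5737).
afs_inbound_rules dbserver "" "192.0.2.10 192.0.2.11"
```

The output uses iptables-restore rule syntax; rule order matters, so the final DROP must stay after the ACCEPT lines.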