I don't understand why this port rule in firewalld
Hi guys-
Just wondering, why the command to leave ports 1025-65535 open as a rule in firewalld. There is an article that they brought to the attention of the firewall people. It was under consideration.
sudo firewall-cmd --get-active-zones
FedoraWorkstation
I don't know what you guys think. I turned the port rules off.
thanks,
roboloki
https://pagure.io/fesco/issue/1372
That is where someone is talking about the ports being opened issue. I am not really sure.
roboloki
ultimately, it depends on how you intend to use your network connectivity. i usually leave them open so i can make connections outbound to the internet in a trivial way, these being the typical or randomly selected source ports.
1025-65535 should be 1024-65535 unless you have a reason to leave 1024 different from the others. someone could probe port 9216 by trying to make a TCP connection to it. if they get no response, they might assume it is blocked. if they get connection refused, they might assume many other ports are open and run a scan to see what might be listening (like databases and application servers).
If I understand the question... That seems strange if those ports are specifically open as input.
Is that incoming or outgoing? Depends on how your particular distribution is configured but typically the ephemeral port range is 32768 - 60999. I have not played with Fedora much so not familiar with its default rules nor know what port range it uses but you can verify via:
Code:
cat /proc/sys/net/ipv4/ip_local_port_range
I leave a few special higher ports open < 32768 specifically for iptraf and other testing on my LAN but not open to the Internet.
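An added example, not part of any post in this thread: one way to see which listening TCP services a rule like 1025-65535/tcp actually leaves reachable, by matching a zone's open port list against the listening sockets. The sample `firewall-cmd --list-ports` and `ss -H -tln` output is constructed, and the function name `exposed_listeners` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: which listening TCP ports fall inside the zone's open
# inbound port ranges? All sample data is constructed, not from a real host.

# Constructed stand-in for: firewall-cmd --zone=FedoraWorkstation --list-ports
SAMPLE_PORTS="1025-65535/udp 1025-65535/tcp"

# Constructed stand-in for: ss -H -tln  (State Recv-Q Send-Q Local Peer)
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*'

# exposed_listeners PORTS SS_OUTPUT
# Prints, space-separated, each listening TCP port that is not bound to
# loopback and is covered by one of the open tcp ports or ranges.
exposed_listeners() {
    printf '%s\n' "$2" | awk -v ranges="$1" '
        BEGIN {
            n = split(ranges, r, " ")
            for (i = 1; i <= n; i++) {
                split(r[i], pp, "/")
                if (pp[2] != "tcp") continue          # only tcp rules matter here
                m = split(pp[1], lohi, "-")
                lo[++k] = lohi[1] + 0
                hi[k] = (m == 2 ? lohi[2] : lohi[1]) + 0   # single port or range
            }
        }
        {
            port = $4; sub(/.*:/, "", port)           # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)       # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next   # loopback: not reachable
            for (j = 1; j <= k; j++)
                if (port + 0 >= lo[j] && port + 0 <= hi[j]) { print port; break }
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

exposed_listeners "$SAMPLE_PORTS" "$SAMPLE_SS"; echo
```

On a live host, pass `"$(firewall-cmd --zone=FedoraWorkstation --list-ports)"` and `"$(ss -H -tln)"` in place of the sample variables.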