Mailinglist Archive: opensuse-security (487 mails)
| < Previous | Next > |
Re: [suse-security] port 80 closed, Firewall up and still accepted??
- From: Andreas J Mueller <andy@xxxxxxxxxx>
- Date: Wed, 23 Oct 2002 23:57:54 +0200
- Message-id: <64416442883.20021023235754@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hi Piet!
> FW_SERVICES_EXT_TCP="www"
That's about the same as FW_SERVICES_EXT_TCP="http". ;-)
See /etc/services:
http 80/tcp # World Wide Web HTTP
www 80/tcp # World Wide Web HTTP
www-http 80/tcp # World Wide Web HTTP
So you're allowing outside access to your WWW server, whether it's
running or not. If you want to DROP packets when Apache is not
active, you need to find a way to modify the config file (remove the
www from the line above) and reload the firewall rules.
Regards, Andy
- --
Andreas J. Mueller email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
We strongly urge you to encrypt information sent by email. Our public
PGP key is available from http://132.176.114.28/q4408950/pubkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
iQC9AwUBPbcbZ/obN5o9QdlBAQHY8gVAhKwXktrmilK5pXTiPZ38DgUhb+o0peW9
97/3ne5kJvrDCs2CexOQLNFcpWc7lBPGAKo2lV3jeJM4CNc0C3SrYwevI6TZg7oV
Q56LbXCGH/lFjIpnilmCmTgHi9kxYb6PjSguP3p+FrNAzdDdwtkGg/Fefdlw94fl
5VVQt0cd5lxY0eQHquykQgVJLPwzsktw5oH5/QVtXpicDQgFYzLPN8MuCDtNalsE
=up67
-----END PGP SIGNATURE-----
Hi Piet!
> FW_SERVICES_EXT_TCP="www"
That's about the same as FW_SERVICES_EXT_TCP="http". ;-)
See /etc/services:
http 80/tcp # World Wide Web HTTP
www 80/tcp # World Wide Web HTTP
www-http 80/tcp # World Wide Web HTTP
So you're allowing outside access to your WWW server, whether it's
running or not. If you want to DROP packets when Apache is not
active, you need to find a way to modify the config file (remove the
www from the line above) and reload the firewall rules.
Regards, Andy
- --
Andreas J. Mueller email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
We strongly urge you to encrypt information sent by email. Our public
PGP key is available from http://132.176.114.28/q4408950/pubkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
iQC9AwUBPbcbZ/obN5o9QdlBAQHY8gVAhKwXktrmilK5pXTiPZ38DgUhb+o0peW9
97/3ne5kJvrDCs2CexOQLNFcpWc7lBPGAKo2lV3jeJM4CNc0C3SrYwevI6TZg7oV
Q56LbXCGH/lFjIpnilmCmTgHi9kxYb6PjSguP3p+FrNAzdDdwtkGg/Fefdlw94fl
5VVQt0cd5lxY0eQHquykQgVJLPwzsktw5oH5/QVtXpicDQgFYzLPN8MuCDtNalsE
=up67
-----END PGP SIGNATURE-----
| < Previous | Next > |