Jan Ritzerfeld wrote:
> I am trying to resolve the name of my printer via nss-mdns. It works fine with "avahi-resolve -n KY623B6B.local". But "ping KY623B6B.local" does not work because the SuSEfirewall2 blocks the incoming answers from port 5353 of the printer to a random port of my computer. The avahi service opens udp and broadcast on port 5353 but not answers from port 5353. Using FW_ALLOW_INCOMING_HIGHPORTS_UDP="mdns" makes "ping KY623B6B.local" work but that option is deprecated ...

Yes. That option is dangerous. Anyone can access your UDP ports above 1024 now. That includes for example rpc services and the mdns daemon itself. Put the interface into the INT Zone instead and get used to trusting your LAN. FW_ALLOW_INCOMING_HIGHPORTS_UDP just gives you a false sense of security.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
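
An audit of a SuSEfirewall2 sysconfig file for the setting discussed in this thread, as an added example that is not part of the original messages. The function names, the sample file contents and the interface name `eth0` are constructed; treating an empty value as "off" and `yes` as "all high ports open" is an assumption about the option's semantics.

```shell
#!/bin/sh
# Added example: flag FW_ALLOW_INCOMING_HIGHPORTS_UDP in a SuSEfirewall2 config.

# Print the value of variable $1 from sysconfig-style file $2 (last assignment
# wins; trailing comment and surrounding quotes are stripped).
sysconfig_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Audit file $1. Returns 0 if the high-port option is off, 1 if it is enabled.
audit_highports_udp() {
    val=$(sysconfig_get FW_ALLOW_INCOMING_HIGHPORTS_UDP "$1")
    int=$(sysconfig_get FW_DEV_INT "$1")
    case "$val" in
        ""|no)
            echo "OK: FW_ALLOW_INCOMING_HIGHPORTS_UDP is off"
            rc=0 ;;
        yes)
            echo "RISK: UDP ports above 1024 are open to every sender"
            rc=1 ;;
        *)
            # The filter keys on the sender's source port, which the sender chooses.
            echo "RISK: UDP ports above 1024 are open to anyone sending from source port(s): $val"
            rc=1 ;;
    esac
    if [ -n "$int" ]; then
        echo "INFO: interfaces in the internal zone: $int"
    else
        echo "INFO: FW_DEV_INT is empty, no interface is in the internal zone"
    fi
    return $rc
}

# Demo on a constructed config (on a real system: /etc/sysconfig/SuSEfirewall2).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP="mdns"   # the workaround from the question
EOF
audit_highports_udp "$demo_cfg" || echo "=> move the LAN interface to FW_DEV_INT and set the option to \"no\""
rm -f "$demo_cfg"
```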