Mailinglist Archive: opensuse-security (34 mails)

< Previous Next >
Re: [opensuse-security] nss-mdns and SuSEfirewall2
  • From: Jan Ritzerfeld <suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 12 Oct 2008 12:03:27 +0200
  • Message-id: <200810121203.27198.suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Am Mittwoch, 24. September 2008 schrieb Ludwig Nussel:

Jan Ritzerfeld wrote:
However, the strange part for me is that "avahi-resolve -n
KY623B6B.local" works fine. The summary of nss-mdns tells me that it
would use a running avahi deamon. I have a avahi deamon running, but
nss-mdns tries to resolve the name via mdns by itself. And failes,
because of the firewall.

try "echo mdns off >> /etc/host.conf". There is a patch in glibc
that make glibc itself resolve the .local zone instead of using
nss_mdns.

Oh, I assumed that this patch was replaced/obsoleted by nss-mdns. Wouldn't
it be a good idea either to add "mdns off" when installing nss-mdns
automatically, or to remove the glibc patch?

[...]
You could use FW_TRUSTED_NETS or FW_SERVICES_ACCEPT_EXT to allow
only the IP range of your LAN.
[...]

You convinced me of adding my internal IP range to FW_TRUSTED_NETS. :)

Gruß
Jan
--
Les États-Unis d'Amérique forment un pays qui est passé directement de la
barbarie à la décadence, sans jamais avoir connu la civilisation.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups