From: Chuck Anderson <cra@WPI.EDU>
To: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] open ports on WAN
Date: Sat, 19 Apr 2014 12:36:39 -0400 [thread overview]
Message-ID: <20140419163638.GX16334@angus.ind.WPI.EDU> (raw)
I was curious to see what services were open on the WAN to the CeroWrt
router itself. It looks like the following services are open and not
firewalled via iptables directly:
21 telnet
22 ssh
23 ftp
873 rsync
12865 netserver
The only thing blocking access is the xinetd configuration:
defaults
{
per_source = 16
only_from = 192.168.0.0/16 172.16.0.0/12
instances = 18
max_load = 16
}
Is this a good idea, relying only on this default config to block
access to those services? Or should the iptables firewall default to
blocking everything and only poke holes where they are needed rather
than how it is now--only blocking a list of ports which doesn't
include the above ports?
next reply other threads:[~2014-04-19 16:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-19 16:36 Chuck Anderson [this message]
2014-04-19 17:52 ` Dave Taht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140419163638.GX16334@angus.ind.WPI.EDU \
--to=cra@wpi.edu \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox