Subject: | |
From: | |
Reply To: | |
Date: | Thu, 25 Oct 2007 16:05:53 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
In the distant past, I used to add several ACCEPT rules for afs in
ipchains or iptables when using openafs clients. But somewhere in time
I stopped doing this (not conciously -- it just slipped my mind when
making my checklist at some point), yet I've never noticed a problem
while using the default iptables rules that end with a default REJECT in
my SL installations. I've gotten a couple bits of different advice from
individuals and the web (for instance: http://help.unc.edu/?id=5513 )
indicating that I need firewall rules in place, but they don't all seem
to quite match up and I'm not familiar enough with afs and/or kerberos
communications to know what's really necessary.
So, first the short question: should I be adding firewall rules when
using SL 3/4/5 with the SL openafs-client packages?
If yes, then a medium (?) question: what rules should I add?
Long (?) question: How can I demonstrate a failure if I don't have the
firewall rules in place? A related question -- why haven't I noticed a
problem before?
-Wayne
|
|
|