


Allow new incoming connection?

From buck <buck@private.mil>
Newsgroups comp.os.linux.security
Subject Allow new incoming connection?
Date 2013-06-21 18:29 +0000
Organization Say What?
Message-ID <kq261g07eh@news1.newsguy.com>



I recently acquired a B&N Nook, which has caused me to raise these 
questions.

First, a definition:  Ports greater than 1024 are "unreserved" or "high" 
ports.

My firewall is configured to allow ESTABLISHED and RELATED TCP
connections where both source and destination ports are high, but it 
rejects NEW unless these are specifically allowed.  For example, I allow 
incoming VNC on --dport 5900 to one computer and 6502 (for a program 
similar to VNC called NetOp) on another.

The Nook is going nuts because it is being prevented from establishing
NEW connections from Google (74.125.142.0/24) on high ports.

Is my rejection of NEW on high ports wrong?  Should I allow just Google?
What is best practice (and why?)?
-- 
buck



Thread

Allow new incoming connection? buck <buck@private.mil> - 2013-06-21 18:29 +0000
  Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-21 20:36 +0200
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 06:46 +0000
      Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-22 08:53 +0200
    Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 14:47 +0200
      Re: Allow new incoming connection? Aragorn <thorongil@telenet.be.invalid> - 2013-06-22 15:09 +0200
        Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-22 14:27 +0100
          Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 16:37 +0200
  Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-21 20:01 +0100
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 06:35 +0000
      Re: Allow new incoming connection? Richard Kettlewell <rjk@greenend.org.uk> - 2013-06-22 09:39 +0100
  Re: Allow new incoming connection? David Hough <noone$$@llondel.org> - 2013-06-22 12:18 +0100
  Re: Allow new incoming connection? "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2013-06-22 07:37 -0500
  Re: Allow new incoming connection? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2013-06-22 14:56 +0200
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 17:35 +0000
    Re: Allow new incoming connection? buck <buck@private.mil> - 2013-06-22 18:01 +0000
      Re: Allow new incoming connection? "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2013-06-22 14:29 -0500
