On 4/25/25 11:22 PM, Tim wrote:
On Fri, 2025-04-25 at 18:38 -0600, home user via users wrote:
I do need for Firefox, Thunderbird, and dnf to be able to interact with
the "outside world" appropriately. I do occasionally need to be able to
download or upload things.
Beyond those (and maybe other appropriate things that don't at the
moment come to mind), I do not want anyone or anything to be able to get
into this workstation. For example, no "ssh", "scp", "rlogin".
I'll ask the obvious: Do you run any servers? e.g. Do you have a mail
server, or a webserver, that you try out locally?
No.
Generally speaking, you don't unless you deliberately set them up. And
if you don't have any servers listening for connections, there isn't
anything for an outside to connect to. And if you do set up servers,
you have to reconfigure them to listen to the outside world.
CUPs used to be installed (printer server), probably still is, but
doesn't need to be running, and should only be listening to LAN
addresses anyway.
When they set up fibre internet to my home they asked me to connect a
computer directly to their fibre adapter to test the network,
I connected a laptop with Fedora. They couldn't detect anything,
normally they can fingerprint a device by its chattiness. All they
knew was that an IP had been assigned to the device.
So a firewall is just belts and braces, or redundant.
netstat -ltuvpe
Will show what's listening (l) for connections on your computer using
TCP (t), and UDP (u), with verbose (v) answers, showing info about the
program (p) doing so, with extended (e) information.
You could post the output of that here if you wanted confirmation.
# netstat -ltuvpe
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State User Inode PID/Program name
tcp 0 0 _localdnsproxy:domain 0.0.0.0:*
LISTEN systemd-resolve 8849 842/systemd-resolve
tcp 0 0 0.0.0.0:llmnr 0.0.0.0:*
LISTEN systemd-resolve 8833 842/systemd-resolve
tcp 0 0 localhost:ipp 0.0.0.0:*
LISTEN root 14421 1097/cupsd
tcp 0 0 _localdnsstub:domain 0.0.0.0:*
LISTEN systemd-resolve 8847 842/systemd-resolve
tcp6 0 0 [::]:llmnr [::]:*
LISTEN systemd-resolve 8841 842/systemd-resolve
tcp6 0 0 localhost:ipp [::]:*
LISTEN root 14420 1097/cupsd
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
avahi 3950 905/avahi-daemon: r
udp 0 0 0.0.0.0:llmnr 0.0.0.0:*
systemd-resolve 8832 842/systemd-resolve
udp 0 0 _localdnsproxy:domain 0.0.0.0:*
systemd-resolve 8848 842/systemd-resolve
udp 0 0 _localdnsstub:domain 0.0.0.0:*
systemd-resolve 8846 842/systemd-resolve
udp 0 0 localhost:323 0.0.0.0:*
root 10105 1046/chronyd
udp6 0 0 [::]:mdns [::]:*
avahi 3951 905/avahi-daemon: r
udp6 0 0 [::]:llmnr [::]:*
systemd-resolve 8840 842/systemd-resolve
udp6 0 0 localhost:323 [::]:*
root 10106 1046/chronyd
udp6 0 0 c-76-25-2:dhcpv6-client [::]:*
root 38245 1029/NetworkManager
#
Thank-you, Tim.
--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
