[Request] Uncomplicated Firewall

Hello,
Ubuntu hardy introduces a new firewall ufw (Uncomplicated Firewall).
It's a tool for host-based iptables firewall configuration. This tool should provide an easy to use interface to the user, as well as support package integration and dynamic-detection of open ports.
It strikes me that this can make a good high-level solution for configuring iptables on Arch. It's very similar to the way network is set up with ethtool. What are your thoughts on this? I'm actually asking if this would be a solution that could be implemented in Arch core, not to forget that it will be highly maintained, thus reducing the work for the Arch team.
https://wiki.ubuntu.com/UbuntuFirewall
Last edited by hardframed (2008-02-10 20:10:33)

LTSmash wrote:
I did update a little bit the UFW PKGBUILD since the other posted here doesn't work anymore:
# Contributor: LTSmash <[email protected]>
pkgname=ufw
pkgver=0.16.2
pkgrel=1
pkgdesc="Ubuntu's Uncomplicated Firewall"
arch=(i686 x86_64)
url="https://launchpad.net/ufw"
license=('GPL')
depends=('iptables>=1.3.3' 'python>=2.5')
source=(http://archive.ubuntu.com/ubuntu/pool/main/u/ufw/ufw_${pkgver}.tar.gz)
md5sums=('833cc7452e1118f1fa37c3d065ddf66a')
build() {
  cd ${startdir}/src/ufw-${pkgver} || return 1
  # Install into the package staging directory
  python ./setup.py install --root=$startdir/pkg/ || return 1
  # Docs
  mkdir -p $startdir/pkg/usr/share/doc/$pkgname
  install -m644 -t $startdir/pkg/usr/share/doc/$pkgname/ README* TODO || return 1
}
Hum, I already noticed that this won't work.
The setup.py somehow makes the executable to look for itself in the selected installation root, so the code MUST be patched to work correctly with pacman.
I'm looking forward to knowing how they package ufw for Ubuntu without experiencing this problem...
NOTE:
The error is this:
[root@LTS-Arch ufw]# ufw status
ERROR: uid is 0 but '/home/ltsmash/PKGBUILDS/ufw/pkg/etc/default/ufw' is owned by 501
NOTE: I didn't execute ufw from /home/ltsmash/PKGBUILDS/ufw/pkg/etc/default/ufw
Last edited by LTSmash (2008-05-18 21:32:28)
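
An added example, not part of the thread and not ufw or Arch code: a shell audit of a staged package tree for the two conditions behind the error quoted above, files that embed the staging directory's absolute path and files not owned by the expected uid. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a package staging directory before it is packaged.
# All function names here are hypothetical helpers, not part of makepkg or ufw.

# Print, relative to PKGDIR, every file whose contents embed PKGDIR's own
# absolute path (an install-time --root that leaked into the installed code).
find_buildroot_refs() {
    pkgdir=$(cd "$1" && pwd) || return 2
    grep -rlF -- "$pkgdir" "$pkgdir" 2>/dev/null |
        while IFS= read -r f; do
            printf '%s\n' "${f#"$pkgdir"/}"
        done | sort
}

# Print every entry under PKGDIR that is not owned by WANT_UID.
# A finished package should use 0; the error in the thread shows ufw refusing
# a configuration file owned by uid 501 while running as uid 0.
find_owner_mismatch() {
    (cd "$1" && find . ! -user "$2" -print | sort)
}

# Run both checks. Returns 0 when the tree is clean, 1 when either check
# reports something, 2 when PKGDIR cannot be read.
audit_stage() {
    want_uid=${2:-0}
    refs=$(find_buildroot_refs "$1") || return 2
    owners=$(find_owner_mismatch "$1" "$want_uid") || return 2
    status=0
    if [ -n "$refs" ]; then
        printf 'files embedding the build root:\n%s\n' "$refs"
        status=1
    fi
    if [ -n "$owners" ]; then
        printf 'entries not owned by uid %s:\n%s\n' "$want_uid" "$owners"
        status=1
    fi
    return "$status"
}

# Constructed sample tree: usr/sbin/ufw carries the staging path inside it,
# which is the condition described in the post. File contents are made up.
make_sample_stage() {
    stage=$(mktemp -d "${TMPDIR:-/tmp}/stage.XXXXXX") || return 1
    stage=$(cd "$stage" && pwd)
    mkdir -p "$stage/usr/sbin" "$stage/etc/default"
    printf 'config_dir = "%s/etc"\n' "$stage" > "$stage/usr/sbin/ufw"
    printf '# constructed placeholder\n' > "$stage/etc/default/ufw"
    printf '%s\n' "$stage"
}

# Stand-alone use: sh audit.sh PKGDIR [WANT_UID]
if [ "$#" -ge 1 ]; then
    audit_stage "$@"
fi
```

Run without fakeroot, the ownership check is only meaningful against the uid the files will have once installed, which is why the expected uid is a parameter.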

Similar Messages

  • RV220W - Feature Request - IPv6 Firewall

    At this moment (firmware 1.0.3.5) the router has no IPv6 firewall and therefore when used in a typical dual stack IPv4/IPv6 network it has no protection regarding IPv6 traffic. Hopefully this will be fixed with a firmware update before the World IPv6 Day on the 6th of June 2012.

    Cisco has a long list of bugs associated with the RV220W that need to be addressed before they start adding new features. We moved up to the SA540. Not only are there IPv6 firewall options, the SA540 has IPS for a nominal yearly (or 3 year) fee. You are looking at < $200 (from provantage.com) for a 3-year IPS license. Not bad.

  • Uncomplicated Firewall & Netctl time consume on boot

    I'm not sure if it's normal for the ufw service to load in 5 seconds with systemd,
    is it too long? If not, do alternatives work faster?
    In addition to that, the automated netctl wireless service takes 10 secs to load. Should I use network-manager or something? I'm sure it takes less than that.
    I'm booting up in 21 seconds, so I'm on blank screen just to get a proper internet connection on.
    here is my output...
    [joyce@linuxg6-joyce tlp]$ systemd-analyze blame
    9.609s netctl@wlo1\x2dyou\x20shall\x20not\x20pass.service
    4.993s ufw.service
    1.731s systemd-logind.service
    1.593s systemd-fsck@dev-disk-by\x2duuid-08AD\x2d3F76.service
    1.470s systemd-vconsole-setup.service
    1.168s systemd-fsck@dev-disk-by\x2duuid-f061c423\x2dcbc1\x2d460b\x2d945c\x2dd85c478c855d.service
    839ms systemd-binfmt.service
    786ms systemd-fsck@dev-disk-by\x2duuid-e6fc1bb0\x2dc715\x2d4d9d\x2d91ff\x2d561910d1c545.service
    785ms sys-kernel-debug.mount
    753ms systemd-udev-trigger.service
    745ms systemd-tmpfiles-setup-dev.service
    725ms dev-mqueue.mount
    724ms systemd-remount-fs.service
    723ms sys-kernel-config.mount
    712ms dev-hugepages.mount
    675ms rc-local.service
    659ms tmp.mount
    627ms alsa-restore.service
    588ms proc-sys-fs-binfmt_misc.mount
    413ms polkit.service
    408ms cpupower.service
    304ms home.mount
    299ms udisks2.service
    298ms systemd-user-sessions.service
    293ms systemd-journal-flush.service
    288ms archive.mount
    278ms systemd-random-seed-load.service
    250ms dev-disk-by\x2duuid-195ad48c\x2d39a9\x2d4750\x2d967c\x2dd58a2c84b114.swap
    249ms systemd-update-utmp.service
    234ms systemd-sysctl.service
    224ms systemd-udevd.service
    129ms boot-efi.mount
    72ms systemd-tmpfiles-clean.service
    68ms systemd-tmpfiles-setup.service
    56ms upower.service
    30ms rtkit-daemon.service
    985us sys-fs-fuse-connections.mount
    NotaBene: Ignore the rc-local lameness, I was too lazy to change the name in guide while setting switcheroo.
    Last edited by Gulver (2013-05-24 07:16:17)

    I have always found that ufw takes quite a bit longer to load than iptables does. Why, I have no idea. I can't imagine that it is doing a whole hell of a lot more than plain iptables, since I think it actually uses the rules to make an iptables.rules file. My iptables loaded in 53ms the last boot, but that is probably because I use an SSD.
    [email protected] (netctl enable <profile>) takes a long time because it does not actually complete until a dhcp address has been resolved. You can make this faster by using a static IP address if that is a possibility. Otherwise, you can set [email protected] to start instead. Because it is meant to switch between networks, it does not wait for the interface to actually resolve, but rather sends notification of completion after it is able to simply parse and load the profiles you have told it to.
    I am curious how you have a service that is reporting in microseconds on the bottom. I thought it was general consensus a couple releases ago to simply round to the ms to make it look nicer. I have several services that start in 1ms, but I have not seen anything reported in us since 200(?) maybe.

  • Firefox is trying to send strange multiple requests on port 7070. As I allow the request nothing appears in "http headers" addon window. What could this be?

    Hi.
    I discovered my Firefox v26 was SOMETIMES trying to send multiple requests on port 7070 (ukrainian ip-address) independently on what websites were opened at the moment.
    The problem remains after v27 update.
    I have an addon "live http headers" installed.
    As I manually allow the request by firewall nothing appears in the headers window.
    Does my firefox seem to be modified with adware/spyware?

    Have you tried Opening your Firefox in Safe Mode
    [[Troubleshoot Firefox issues using Safe Mode]]
    please report back to us

  • Kubuntu Linux alternative to Win7 on NB505-N508BN

    Hi, here's a quick summary on installing Linux on my NB505-N508BN netbook (Win7 Starter, Atom Processor, 2GB RAM), If you're looking to have some fun with the netbook and are bored with Windows, try it out. Linux is free, open source sw and there are various linux packages. I chose Kubuntu (Ubuntu linux packaged by KDE).
    Pros: nice alternative to Win 7 (starter or otherwise)
    Cons: Battery gets drained faster than in Windows, and if you're looking for long hours of use, linux may not be for you.
    From Windows, open a browser, and find/download Kubuntu 11.04, nicknamed "Natty Narwhal". Unzip it and find and run an installer called 'wubi'. It'll install Kubuntu alongside Win 7. You'll have to 'restart' to finish the installation at the end of which you restart once again. This time, hit F12 and you'll have the option to boot from Windows or Kubuntu. Choose Kubuntu. If you really want, you can also download and install an image file onto a USB drive (get the Universal-usb-installer-1.8.6.0.exe; look up Pendrivelinux.com) and run Kubuntu from the usb drive itself.
    Raw Kubuntu 11.04 needs tweaks. Open its Rekonq browser, and download Firefox 4 (for Kubuntu/ubuntu)) and install. Then install Flash and Java. You'll need to open a terminal window and type commands to download. Here's the site for Java: http://www.multimediaboom.com/how-to-install-java-in-ubuntu-11-04-natty-narwhal-ppa/ Also, you can improve the Firefox setup by downloading the Oxygen theme: http://kde-look.org/content/show.php/Oxygen+KDE+%28Firefox+Theme%29?content=117962
    Install Skype (the webcam video turns out a bit darker than in the windows version) and Dropbox to share files in the Cloud. For audio and video play, fire up and configure the Amarok and Dragon Player that come with Kubuntu. You'll lose the  Fn-#3 and Fn-#4 key volume control but use a volume control app called KMix instead.
    Connect to Wifi by finding your home or hotspot wifi (note: it saves your wifi passwd in sleep/hibernate, but not if you reboot; you have to reenter it).
    The file organizer "Dolphin" is the equivalent of Windows Explorer. Find all your Windows files by clicking on Local Disk and drilling down. Kubuntu comes with free LibreOffice that is like MS Office. I've opened and used Excel and Word files and saved them in MSOffice ('97 - 2000) formats.
    Download Avast! anti virus for linux (it's a 1 yr free subscription for a home workstation). Don't get the free AVG anti virus for linux - it doesn't install right. Note: you don't really need antivirus for linux, because linux is open source sw which is no safe haven for viruses. But I transfer files between my linux and windows folders, and so want to prevent transferring a virus inadvertently. Download the Avast! DEB package: http://www.avast.com/linux-home-edition#tab4 and use right-click to open and install with GDebi package installer. Also set up a firewall (UFW or 'uncomplicated firewall'): https://wiki.ubuntu.com/UncomplicatedFirewall.
    The look and feel of Kubuntu linux is quite intuitive, it boots fast, runs fast, even on my netbook with just 2GB RAM and an Atom processor. Right now, I'm posting this from my Firefox browser in Kubuntu. I haven't gone back to Windows except to backup my files onto a portable drive using EaseUS Todo software (since I can't find that sw for linux).
    Hope this gives you an idea of what you need to do to setup a linux alternative to Windows. Note: there are other flavors of linux like plain Ubuntu or others like Xubuntu and Edubuntu, openSUSE etc. Check out what they're about. Overall, if you are willing and able, you can have linux up and running and customized in a day or two. It's pretty cool. See some of the screenshots I have posted below as png graphics files.
    The only downside I see: the battery doesn't last as long as it did running Win 7 starter, for the same kind of tasks. I think I get about 2/3 rd the number of hours that I would get with Win 7 starter. Someone did a detailed study (http://www.carstenboysenjensen.com/en/articles/linux-distro-battery-test.html) and discovered that other flavors of linux - even supposedly 'lighter' ones, fare no better wrt battery life and that the culprit might be excessive hard drive access (and, consequently, I suspect, the fan, which works harder to keep the drive and other components cool). But otherwise, my Kubuntu 11.04 install on my netbook is fast, stable and great to work with.
    Cheers!
    Nat
    Attachments:
    nb505-n509bn-KubuntuLinuxInterface1.png ‏472 KB
    nb505-n509bn-Kubuntu-DragonPlayer.png ‏204 KB
    nb505-n510bn-Kubuntu-WindowsCdrivefiles.png ‏88 KB
    nb505-n508bn-Kubuntu-PostingthisnoteinFirefox.png ‏103 KB

    Hi, just a quick update. The 11.04 (K)ubuntu linux distro drains the battery significantly faster than Win 7. I recently learned that the kernel in 11.04 is far more power consuming than kernels used in previous distros such as 10.10 and that it is not clear why or how to overcome this. In this regard, the kernel in 11.04 is a step back from the earlier kernels, which is not a good thing for linux if it is to continue competing with Windows or the Mac's OS, particularly for very mobile devices such as laptops and netbooks that one wants to use unplugged and on battery alone for many hours -that's the whole point of being mobile. This is unfortunate, because Linux is otherwise a very viable and capable OS.
    My advice to folks on this forum who still would like to play with linux is to try the older versions such as (K)ubuntu 10.10 or just hang on to Windows 7 for now.
    Nat

  • Remote Printing in Solaris 8 across the network

    Hi
    I am trying to setup a printer on Solaris 8 server. The printer is located on the Client side outside our network and using the Axis Print Server.
    The way it is set up is: the print request goes through our server to a virtual IP which forwards the request to the firewall via port 515, which further forwards the request to the client's firewall and then in turn to the printer.
    We have been able to setup the printer using the command:
    lpadmin -p "printername" -s "VirtualIP"!"print Queue on the client side"
    This works fine with the /usr/ucb/lpr command as the printer on the client side accepts only lpr command.
    However, the problem is, when we print manually, it prints fine. However, when we run a script which as an output fires multiple prints to the printer, the printer prints a couple of files which are smaller in size but does not print the bigger file and nothing after that. It just keeps on sitting in the queue.
    We have tried increasing the timeout to 120 secs but that didn't help either.
    Please suggest if you have any idea about this or if you have done the similar kind of setup in the past.
    Thanks in Advance.
    Cheers.

    Hello jnapier99
    The Officejet 6500 E709n does have a Windows 8 driver, however, it does not have a Windows 8 RT driver which is what the MS Surface tablet uses. This would explain the message you are receiving.
    Source: Supported Printers for Windows 8
    Don't forgot to say thanks by giving "Kudos" to those that help solve your problems.
    When a solution is found please mark the post that solves your issue.

  • Inbound emails from internet stuck in smtp database queue

    I have 4 exchange servers
    2 MBX and 2 CAS.
    I am forwarding the smtp request from firewall to cas02 and using cas01 as stand by.
    Emails are working fine except sometimes, when we look at the email queue, emails get queued in the smtp database. And it takes a very long time to route to the user mailbox.
    My mailbox in the DAG.
    When I checked in the Active Directory DNS MX record pointing to cas01 and cas02

    Hi mswizard,
    Thank you for your question.
    How long time to route user mailbox?
    When did the email get queued? The specific or random a period of time?
    Email got queued comes from the specific domain or all external domain?
    In order to troubleshoot, when the email gets queued, we could collect the following information to
    [email protected]:
      1. The application logs on the Exchange server;
      2. The System logs on the Exchange server;
      3. Message tracking logs on the Hub server in the following path:
         C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking
      4. SMTP logs on the Hub server in the following path:
         C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive
    There are some reasons which may cause email to be queued for a long time before delivery:
      1. Network issue
         Make sure there is no loop in the network and no other network issues.
      2. Exchange server performance
         The Exchange server didn't deal with many emails at the same time owing to performance, we could improve the performance of the Exchange server. We could use performance monitor in EMC to check.
      3. Anti-virus software
         We could try to disable A/V to check if the problem that email is delivering to user mailbox persists for a long time.
    If there are any questions regarding this issue, please be free to let me know. 
    Best Regard,
    Jim

  • ADFS server in NLB cluster unable to reach all servers in the same subnet

    I have 2 ADFS (3.0) virtual servers (server 2012 R2 on VMware) in an NLB cluster (setup for Office 365 initially) and want to be able to use the SAML to connect to a couple of Linux servers in the same network to allow SSO to the Linux boxes.
    It was working then stopped and now the primary FS server (FS1) cannot ping either Linux box or one of our WS08R2 file and print servers. It can ping all other servers in the same network.
    I tried to get a packet capture with MS NetMon 3.4 but it only picked up the successful ping requests.
    Firewall is disabled but that made no difference.
    NLB cluster configured in Unicast mode as I found Office 365 and another outside service didn't want to work using Multicast or IGMP Multicast.
    The really bizarre thing is the secondary FS vm can ping the other boxes even with "ping server -S clusteraddress"
    Any suggestions as to where to look to track this down will be most welcome.
    Cheers
    David

    Hi,
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thanks for your understanding and support.

  • WRT54GS Ver.6 responds to ping

    Hi, just got this router from PC World. I have set Block anonymous internet requests under firewall, but I can still get a response back!
    Can anybody advise, other topics been posted but no definite answers!
    Firmware is 1.50.6 - I see no v6 upgrades on the linksys uk site.
    Thanks
    Paul
    Message Edited by weedheid on 11-05-2006 12:57 PM

    Actually, pinging the router from local connections will get a response; it's the pinging from the outside that is supposedly going to be blocked by the router. Also, if you do it from the inside and ping your public IP it will still work because you are inside the network. Try going to a cafe and ping it from there; I believe you will see what you want.
    "Give them nothing... But take from them everything..."
    -Leonidas "300"

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Associated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it is only broadcasting one ssid and wireless users get IP from a windows DHCP server on the LAN. The configuration on the ce520 switch port for the AP and other switches says access vlan is the DATA vlan, which automatically becomes the native vlan for all trunk ports connecting the AP and other switches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do I need to redesign the whole network to have a native vlan other than the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advance.

    Hi,
    As far as I know we don't set the ip helper address on the radio interface. It should be on the L3 interface of the corresponding VLANs, i.e.
      int vlan 20
       ip helper-address 192.168.33.xxx
      int vlan 60
       ip helper-address 130.20.1.xxx
    I'm assuming that you're using SVIs (int Vlan 20 and int Vlan 60) rather than physical interfaces. Also hope you have configured the switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using the data vlan as the native vlan:
      interface Dot11Radio0.20
       encapsulation dot1Q 20 native
      interface FastEthernet0.20
       encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should look like below, and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
      interface FastEthernet0.20
       encapsulation dot1Q 20 native
       no ip route-cache
       bridge-group 20
       no bridge-group 20 source-learning
       bridge-group 20 spanning-disabled
      interface FastEthernet0.60
       encapsulation dot1Q 60
       no ip route-cache
       bridge-group 60
       no bridge-group 60 source-learning
       bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • RV042 - How to close all ports and leave some specific open

    Hello everybody,
    Here is the scenario of my network:
    - A company with 20 branches in Rio de Janeiro area. The main servers are in a datacenter located in downtown.
    Each branch has a RV042 router with firmware version 1.3.12.19-tm (Feb 13 2009 13:03:21) installed.
    All users in this network have a proxy configuration pointing to proxy.[blah].com.br port 3128.
    The HTTP/HTTPS traffic should go through proxy only.
    The network settings for every RV042 are similar:
    RV042 LAN IP = 172.16.***.1 /24.
    RV042 WAN IP = 192.***.***.*** /30.
    Network Setting Status
    LAN IP: 172.16.***.1 /24
    WAN1 IP: 192.168.***.*** /30               
    WAN2 IP: Not used
    Mode: Router
    DNS(WAN1): 208.67.220.220 / 208.67.222.222 [OpenDNS Service]
    DNS(WAN2): Not used
    Firewall Setting Status
    SPI (Stateful Packet Inspection): On
    DoS (Denial of Service): On
    Block WAN Request: On
    Firewall -> Access Rules Section: Please see below
    The problem:
    - Some "smart" users were caught using Ultrasurf application, which changes the proxy settings to go through port 9666 or even 443.
    In other machines, we've found some black proxies [for example: 212.46.27.142 port 8080].
    My objective:
    - To close all ports in Firewall -> Access Rules section and grant permission only to some selected and specified ports.
    - To redirect all HTTP/HTTPS connections to go to proxy's IP address only.
    Gentlemen, could you please tell me which Access Rules can I set in these RV042s in order to block and prevent these users to continue abusing this network? Is there anything else am I missing?
    P.S.: The users who were caught using Ultrasurf were fired. ;-)
    I gladly appreciate your comments.
    Thanks in advance,
    Luciano

    Hello Randy,
    Thanks for your answer. But let me tell you better. In this scenario, all machines in LAN can use RDP and VNC normally.
    I want to block everything else, just to avoid users to try using other ports.
    You might want to try Deny all traffic out, except for the PC's you need  to use RDP, and then only allow 80, and 443 to the proxy.[blah].com.br  port 3128. This way all web traffic would have to pass through that  proxy, otherwise it would be denied.
    In this network, we use VNC to provide remote IT support to users in these branches.
    They use RDP to access some servers in the datacenter.
    I think that the rule below line 6 is letting users go and traverse the proxy.
    Priority    Policy Name    Enable    Action    Service        Source Iface    Source    Destination        Time    Day
    *                                                  Allow    All Traffic [1]             LAN     Any        Any                  Always    
    How can I modify this access rule? It seems it cannot be altered.
    Thanks in advance,
    Luciano

  • Ports on hardened machine

    Does t3 ever use any ports besides the port configured on the servers to
    communicate back and forth between servers/clients?
    Stock Sun RMI does, don't think t3 does, but we have been having some weird
    problems with our hardened machines.

    NO, t3 by default doesn't. The only time you may run into issues is when you
    have configurations where something similar to NAT is going on, where WLS is
    binding to IP and PORT INSIDE, but the external client is connecting through
    a device that is translating the external address.
    CLIENT ---request IP1---> FIREWALL ---translate IP2---> WLS
    In this configuration, the client stubs can think they need to connect back
    to IP2 (the inside IP) vs. the external. You can configure at several touch
    points these external listen address and ports.
    Cheers
    mbg
    "Larry Presswood" <[email protected]> wrote in message
    news:[email protected]..
    Does t3 ever use any ports besides the port configured on the servers to
    communicate back and forth between servers/clients?
    Stock Sun RMI does, don't think t3 does, but we have been having some weird
    problems with our hardened machines.

  • RVS4000 ISAKMP Nat Problem

    Hi there,
    I'm currently dealing with a weird problem on a Cisco RVS4000.
    I'm trying to connect to an IPSEC VPN Gateway (NETASQ) located on the lan side of the RVS4000.
    I'm using the Greenbow vpn client on the WAN side of the RVS4000.
    Basically I'm trying to get through the RVS.
    My VPN config is ok because i tested it on the lan side of the RVS
    The RVS is configured like this:
    NO VPN configured.
    Block WAN Request :OFF
    FIREWALL,IPS,DDOS are OFF
    NAT forwarding on for UDP 500 and 4500 directed from the wan to the ip of the VPN gateway
    Seems right because I've managed to do this with other routers (different brands) on another site.
    I've wiresharked my vpn client and i keep getting ICMP destination unreachable (PORT UNREACHABLE) after my ISAKMP launching packet.
    Can the RVS nat these ports ?

    I've managed to discover the trick. These two ports are some kind of reserved for the cisco vpn system. You can fool this by NATing these two ports to a different value on the wan side.
    wan --700--470 ---CISCO --- 500- 4500 ---YourVpnequipement

  • How do I stop my server from being a DNS open resolver used for DOS attacks

    I just received this message:
    Dear Charter Business Internet Customer,
    Charter Communications has been notified that a DNS server on your network participated in a large-scale network impacting distributed denial-of-service (DDoS) attack.  The DNS server is acting as an “Open Resolver” and requires configuration changes. 
    We are asking that you take immediate action to update the DNS server(s) on your network, to remediate this issue.  
    What action do I take to fix this?
    OSX Server 10.10.2
    Paul

    Paul Kleeberg wrote:
    I will also block port 53 from the outside.
    Once again, thank you all for your assistance.  As is obvious, I know just enough to be dangerous.
    Paul
    It seems odd to me that port 53 is allowing inbound requests - a firewall should be between your server & the internet, you may want to check other services too. The internal server firewall isn't intended to be the only line of defence unless you are experienced in setting it up. NTP or other services can be used in other attacks.
    I wonder if this could help… (it scans the open ports at your IP, ignore the styling of the site ).
    https://www.grc.com/x/ne.dll?bh0bkyd2

  • HT3204 new ipod touch. can access iTunes store. cannot create iTunes ID. get error "could not complete iTunes request. unknown error occurred (-1202)". Ipod updated to latest issue, firewall exception allowed. SSL 3.0 & TLS 1.0 ok. Running windows Vista. Help

    New ipod touch 32gb. Can access iTunes store. Can sample music selection. Completed latest update for ipod. Can't make any purchases. Get error "could not complete your iTunes store request. An unknown error occurred (-1202)". Security SSL 3.0 & TLS 1.0 OK. Firewall enabled for iTunes. ???

    laneymenion wrote:
    Using Proxy: Yes
    HTTP Proxy: 192.168.100.15:80
    Change the Using Proxy to No
    Have you allowed itunes and itunes helper in your security software firewall?
