Port blocks
If I choose to run a fingerd (port 79) or an IRC server on port 7000, why shouldn't I be free to use these ports?
One of the major attractions of a Linode is the freedom. Various distributions to use, install whatever software you like… This diminishes if you don't have a completely open pipe.
10 Replies
@oldosadmin:
The whole point is for your safety, not restriction. I appreciate the effort taken.
Huh? Most of the listed port blocks are related to Windows trojans. How does this protect your Linode?
@guest1:
Most of the listed port blocks are related to Windows trojans. How does this protect your Linode?
Most of the ports blocked are UNIX related, not Windows:
79/tcp filtered finger
111/tcp filtered sunrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
449/tcp filtered as-servermap
513/tcp filtered login
514/tcp filtered shell
515/tcp filtered printer
555/tcp filtered dsf
2049/tcp filtered nfs
4045/tcp filtered lockd
6969/tcp filtered acmsoda
7000/tcp filtered afs3-fileserver
7100/tcp filtered font-service
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elite
These ports are blocked for good reasons. If you can give me a good enough reason to unblock them, I'll consider it. But, fingerd for IRC isn't going to cut it.
With all of the existing Linode customers, a good number have been with us for more than a year and a half, and the fact that no one has complained thus far makes me inclined to keep things how they are…
-Chris
Basically, I am looking for a UML provider that offers an open pipe as a policy. This way I am confident that in the future they will not block any ports that I am relying on. This has currently happened with my cable supplier.
I would like to define my own network access policy using iptables based on the services I will be offering. These may or may not be the ones you have blocked, but I think it should be left to the user to decide. Considering that you recommend running a service on a different port if the port is currently blocked, it doesn't really offer any additional security. The cases where these port blocks may provide extra security are when a user enables every server on a Linux distribution and neglects to keep it up to date with security patches.
I'd look at it more as having a policy of forcing admins to adopt a minimal amount of security than a policy of blocking ports.
-Chris
I was hoping to get a Linode at HE, as ping times are significantly better than The Planet from where I am located (Australia).
@guest1:
Are any ports blocked at the HE data centre?
No
How can I open the Linode ports?