[clug] Bonjour/ZeroConf Advocacy

[Ian]

Thanks Alex for bringing this to my attention - I was aware of it's
existance, but hadn't realised that Ubuntu now supports it out of the
box (and my debian systems only took me a quick 'aptitude install
avahi-daemon' and cursing the random dependency on X11 libraries via
dbus).

<snip>

>> server_mdns_ports="UDB/5353"
>> client_mdns_ports="default"
>>
>> ...
>>
>> interface any world
>>    ...
>>    server mdns accept
>>    ...
>>    client all accept


For those of us who don't use 'client all accept' in our firewall (for
one of a great variety of fun an entertaining reasons - in my case
it's because I want my firewall to REJECT packets that would just get
lost in a data accounting server anyway, but you can imagine this
would be common for a corporate firewall):

server_mdns_ports="udp/5353"
client_mdns_ports="5353"
...
interface any world src not "$RESERVED_IPS"
  ...
  server mdns accept
  ...
  client mdns accept
  ...


For anyone wondering what RESERVED_IPS is doing - it's a list of IP
ranges marked as reserved by IANA and nothing good should be there
(yet). PRIVATE_IPS should be fairly obvious (private and test ranges),
and UNROUTABLE_IPS is a superset of the previous - a good one to use
on an interface directly connected to the internet.

Cheers,
-Ian

-- 
http://darkstarshout.blogspot.com/
--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
     -- Erik Raymond, 2005
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html