Services automatically change firewall rules to open access to themselves.
Lennart Poettering
mzerqung at 0pointer.de
Mon Aug 20 20:40:25 UTC 2007
On Mon, 20.08.07 15:19, David Hollis (dhollis at davehollis.com) wrote:
>
> On Mon, 2007-08-20 at 12:33 -0500, Arthur Pemberton wrote:
> > > I run custom firewall rules. If you can get this idea to play nicely with
> > > my custom script, and with Shorewall setups, and with s-c-securitylevel,
> > > go for it. But I'm highly sceptical. If installing squid blows up my
> > > custom firewall settings, I'm getting out my pitchfork. :)
> > >
> >
> > Hence why I suggest doing this through s-c-securitylevel so that that
> > functionality can centrally be disabled
>
> I think the ideal solution would be to use existing protocols (UPnP,
> NAT-PMP) to talk to a daemon (avahi-daemon for example) that is
> configured with basic policy settings (accept requests from this user,
> IP, interface, etc) and could also talk on DBUS for GUI prompt type
> stuff. The daemon would have config options to specify what chains to
> alter, so that it can be made to work with other firewall scripts easily
> and obtrusively. By using existing protocols, the exact same mechanism
> can work with home routers and such, and likely even SOHO
> 'firewalls'.
Actually someone has started to work on a NATPMP client and server for
inclusion in Avahi:
http://web.midg3t.net/blog/
He usually lurks as "tedp" on #avahi on freenode.
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4