Services automatically change firewall rules to open access to themselves.

Jeremy Katz katzj at redhat.com
Mon Aug 20 16:40:43 UTC 2007


On Mon, 2007-08-20 at 16:20 +0000, "Jóhann B. Guðmundsson" wrote:
> Any thoughts on implementing automatic port opening for services that
> need to open port access in the firewall, as in when a service is
> started that needs port opening it would automatically read some
> firewall.conf file for that and open the port automatically according
> to those settings in the firewall.conf file
> ( add the iptables rules automatically when the service is started and
> remove those rules when the service is stopped )
>
> Doing chkconfig service or service service start/stop and it would also
> open the port for that service in the firewall

I think it's a great idea and would go a long way towards making things
more usable.  One of the questions is do you do the firewall change on
service start/stop or at chkconfig time.  And I'm a little bit torn on
that one.  chkconfig time makes it "simpler" as far as not requiring
initscript changes.  start/stop seems like it's probably more "correct",
but would then require initscripts to call a new function on start/stop.

Jeremy
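
The start/stop variant discussed in this thread, sketched as an added example (not code from the thread or from Fedora's initscripts): a helper an initscript could call from its start and stop functions. The `firewall.conf` line format (`service proto port`), the `fw_service` function and the `FW_*` variables are assumptions; by default it prints the `iptables` commands instead of running them.

```shell
#!/bin/sh
# Added illustration. Assumed config format (the thread does not define one):
# one "service proto port" entry per line. FW_CHAIN is also an assumption.
FW_CONF="${FW_CONF:-/etc/firewall.conf}"
FW_CHAIN="${FW_CHAIN:-INPUT}"
FW_DRY_RUN="${FW_DRY_RUN:-1}"   # 1 = print the iptables commands, do not run them

# fw_service <start|stop> <service>: one rule per matching config entry.
fw_service() {
    action=$1 svc=$2
    case $action in
        start) op=-I ;;   # insert an ACCEPT rule when the service starts
        stop)  op=-D ;;   # delete the identical rule when it stops
        *) echo "fw_service: bad action '$action'" >&2; return 2 ;;
    esac
    [ -r "$FW_CONF" ] || return 0   # no config: leave the firewall alone
    while read -r name proto port rest; do
        [ "$name" = "$svc" ] || continue
        # Accept only tcp/udp with a numeric port in 1-65535.
        case $proto in
            tcp|udp) ;;
            *) echo "fw_service: skipping proto '$proto'" >&2; continue ;;
        esac
        case $port in   # empty, non-digit, or more than five digits
            ''|*[!0-9]*|??????*) echo "fw_service: skipping port '$port'" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "fw_service: skipping port '$port'" >&2; continue
        fi
        set -- iptables "$op" "$FW_CHAIN" -p "$proto" --dport "$port" -j ACCEPT
        if [ "$FW_DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
    done < "$FW_CONF"
}

# Constructed sample config and dry-run demo (entries are illustrative).
FW_CONF=$(mktemp) FW_DRY_RUN=1 FW_CHAIN=INPUT
cat > "$FW_CONF" <<'EOF'
# service proto port
httpd tcp 80
httpd tcp 443
named udp 53
bogus tcp 80x
EOF
fw_service start httpd   # what an initscript's start() would call
fw_service stop httpd    # what its stop() would call
```

Because `stop` deletes exactly the rule that `start` inserted, a rule set that was already open for other reasons is only restored if the two calls stay paired.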



