Services automaticly change firewall rules to open access to themselfs.

Benny Amorsen benny+usenet at amorsen.dk
Sat Sep 1 12:07:17 UTC 2007


>>>>> "AP" == Arthur Pemberton <pemboa at gmail.com> writes:

AP> Not everyone uses SELinux. Everyone (almost) uses iptables.

Applications already know how to ask for incoming connections. It's
generally done by calling bind().

Administrators sometimes want to limit which traffic can reach
applications, and perhaps limit the risk when accidentally starting
applications. Automating firewall setup makes that useless.

The whole point of firewalling is to explicitly specify what should be
allowed and denied. If you take away that control, there is no reason
to have firewalling.


/Benny





More information about the fedora-devel-list mailing list