Services automatically change firewall rules to open access to themselves.

Arthur Pemberton pemboa at gmail.com
Sat Sep 1 17:05:00 UTC 2007


On 9/1/07, Bruno Wolff III <bruno at wolff.to> wrote:
> On Sat, Sep 01, 2007 at 14:07:17 +0200,
>   Benny Amorsen <benny+usenet at amorsen.dk> wrote:
> >
> > Administrators sometimes want to limit which traffic can reach
> > applications, and perhaps limit the risk when accidentally starting
> > applications. Automating firewall setup makes that useless.
>
> That is probably the main reason. And having apps undo restrictions seems
> like a really really bad idea.

So being able to easily disable this wouldn't be enough?

> Plus I have no confidence that apps can properly rewrite iptables rules
> correctly. iptables setups can have complications which will make it
> hard to change them. I have used subroutines for checking reserved ip
> ranges and have had services configured to only be available to local
> ip addresses or specific interfaces.

This is something that would/should work only if you're using
system-config-firewall.

> I think the idea of having some way to help people who want a service
> available to the internet at large or some local ip addresses is a good
> idea, but it needs to be an add on step that can be skipped, not some
> invisible change behind the scenes.


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
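
The two positions in this message (hand-built rulesets restrict services by source address or interface, and automatic changes should happen only when the configuration tool owns the ruleset) can be combined into a pre-check. The following is an added example, not part of the original message or of any Fedora tool: it scans `iptables-save` text and lists the reasons an automated edit should be skipped. The function name, the chain name `MANAGED-INPUT` and both sample rulesets are constructed for illustration.

```python
import shlex

BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}
SCOPING = {"-s", "--source", "-i", "--in-interface"}  # limit who reaches a service

def auto_edit_blockers(ruleset, managed_chains=frozenset()):
    """Reasons an automated tool should not edit this iptables-save filter table.
    managed_chains: chains the configuration tool owns (assumed known to it)."""
    reasons, in_filter = [], False
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):            # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
        elif not in_filter:
            continue
        elif line.startswith(":"):          # chain declaration
            chain = line[1:].split()[0]
            if chain not in BUILTIN and chain not in managed_chains:
                reasons.append(f"custom chain {chain}")
        elif line.startswith("-A "):        # appended rule
            opts = dict(zip(*[shlex.split(line)[i:] for i in (0, 1)]))  # option -> next token
            if opts.get("-j") != "ACCEPT":
                continue
            for opt in sorted(SCOPING.intersection(opts)):
                if opts[opt] != "lo":       # the loopback accept rule is standard
                    reasons.append(f"{opts['-A']}: ACCEPT limited by {opt} {opts[opt]}")
    return reasons

# Constructed, abridged sample: a ruleset written entirely by the config tool.
SIMPLE = """*filter
:INPUT ACCEPT [0:0]
:MANAGED-INPUT - [0:0]
-A INPUT -j MANAGED-INPUT
-A MANAGED-INPUT -i lo -j ACCEPT
-A MANAGED-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A MANAGED-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""
# Constructed, abridged sample: a hand-built ruleset like the one described above.
CUSTOM = """*filter
:INPUT DROP [0:0]
:RESERVED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j RESERVED
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A RESERVED -s 10.0.0.0/8 -j DROP
COMMIT"""

if __name__ == "__main__":
    print(auto_edit_blockers(SIMPLE, {"MANAGED-INPUT"}))
    print(auto_edit_blockers(CUSTOM, {"MANAGED-INPUT"}))
```

An empty list means the ruleset contains only tool-owned chains and unscoped ACCEPT rules; any entry is a reason to leave the change as an explicit step for the administrator.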



