firewall changes for F-9+

Thomas Woerner twoerner at
Wed Jan 16 17:52:32 UTC 2008


here are the latest changes for system-config-firewall for F-9+:

The usage of --port=<port>:<proto> for lokkit will open up this port and 
not a service using this port anymore. To enable a service you have to 
use the new --service=<name> option. There are no magic default open 
services. You have to open up the services, you want to use. The interim 
options --no-X; X in ["ipsec", "mdns", "ipp"] are obsolete now.

To setup a new firewall, you can use the new --default=<name> 
configuration option as a start:
   server  : ssh is enabled
   desktop : ipsec, mdns and ipp are enabled

These changes for lokkit also affect the kickstart firewall configuration.

There is an utility to convert existing configurations, which will be 
used automatically while updating the package.


More information about the fedora-devel-list mailing list