What I HATE about F11

[Matthew Woehlke]

(Can you please configure your mailer to either wrap lines and/or use 
format-flowed?)

Casey Dahlin wrote:
> On 06/15/2009 03:19 PM, Matthew Woehlke wrote:
>> Casey Dahlin wrote:
>>> Really, init scripts should open the firewall ports they need when
>>> their service comes up (and I'll propose something for upstart 1.0
>>> later today to make that make more sense.)
>> How is that supposed to work when I only want to allow connections to a
>> service on a whitelist of IP addresses?
>>
>> Right now I do this with static iptables rules that I have set up
>> (which, since I am never /not/ running the daemon in question, doesn't
>> have any drawbacks I can think of off the top of my head).
> 
> You'll likely have to change some configuration to get exactly what
> you want, and we'll have to work for a set of defaults that don't
> ruin your life until you do.

Configuration is fine, just as long as there /is/ configuration and not 
running a service always exposes it to the world with no way to prevent 
that. (Prevention by editing init-scripts doesn't count ;-).)

-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
End of Transmission