iptables/firewall brainstorming

Björn Persson bjorn at xn--rombobjrn-67a.se
Mon Jun 15 19:53:43 UTC 2009


Thomas Woerner wrote:
> Please think of a scenario like this: Service A is adding
> firewall rules for opening port 20 and 21 (ftp-data and ftp) for
> everyone and service B is opening port 20 and 21 only for a specific
> network segment. What do you want to have here? If you apply A's rules
> first then 20 and 21 are open for everyone and the rules from B are not
> used at all. But if you apply B's rules first, ... What is the right
> ordering here? Should A or B win?

A and B will collide anyway when they try to listen on the same ports. I don't 
see why it's important to make the packet filter rules coexist when the 
daemons won't.

Björn Persson
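To make the ordering question concrete, here is a small model of how an iptables chain is evaluated: rules are walked top to bottom and the first match decides. This is an added illustration, not code from the original post or from any Fedora firewall component; the service labels, the 192.0.2.0/24 segment and the sample packets are constructed for the example.

```python
# Added example: minimal model of first-match chain evaluation (iptables
# semantics) applied to the quoted scenario. Not from the original post or
# any Fedora project. Service names "A"/"B", the 192.0.2.0/24 segment and the
# sample packets below are constructed assumptions for illustration.
import ipaddress


def rule(owner, ports, source, target):
    """Build one rule: it matches when dport is in `ports` and the source
    address lies within `source`; `target` is ACCEPT or DROP."""
    return {
        "owner": owner,
        "ports": set(ports),
        "source": ipaddress.ip_network(source),
        "target": target,
    }


def evaluate(chain, saddr, dport, policy="DROP"):
    """Walk `chain` in order; the first matching rule decides, as in iptables.
    Returns (target, owner) of the deciding rule, or (policy, None) when no
    rule matched and the chain's default policy applies."""
    addr = ipaddress.ip_address(saddr)
    for r in chain:
        if dport in r["ports"] and addr in r["source"]:
            return r["target"], r["owner"]
    return policy, None


def matches(chain, packets):
    """Evaluate every (saddr, dport) pair against the chain."""
    return [evaluate(chain, s, p) for s, p in packets]


# Service A: ftp-data/ftp open to everyone.
A = rule("A", (20, 21), "0.0.0.0/0", "ACCEPT")
# Service B: the same ports, but only for one network segment.
B = rule("B", (20, 21), "192.0.2.0/24", "ACCEPT")
# What B would need in order to actually restrict the ports: an explicit
# drop for everyone else, placed right after its own accept.
B_DENY = rule("B", (20, 21), "0.0.0.0/0", "DROP")

# Constructed sample traffic: one client inside B's segment, one outside,
# and one unrelated port to show the default policy.
PACKETS = [("192.0.2.10", 21), ("203.0.113.7", 21), ("203.0.113.7", 22)]

if __name__ == "__main__":
    for name, chain in (
        ("A first", [A, B]),
        ("B first", [B, A]),
        ("B with explicit deny, then A", [B, B_DENY, A]),
    ):
        print(f"{name:30s} {matches(chain, PACKETS)}")
```

Running it shows that ordering alone does not settle the question: with only ACCEPT rules in play, the outside client reaches port 21 whether A's or B's rule comes first, because whichever accept matches first lets the packet through and B's narrower accept never rejects anything. B only "wins" if it also installs a DROP for the rest of the world ahead of A's accept, which is exactly the kind of cross-service conflict the quoted message is asking about.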
