On Tue, Mar 28, 2006 at 09:51:29AM +0200, Alexander Larsson wrote:
> I must say I'm slightly bothered by the "let's have the apps punch holes
> in the firewall" approach. If any app can open holes in the firewall,
> what use is the firewall then? It will only be protecting ports that no
> application is listening to.

The proposal I made (umm dig, dig deep through archives 4 years ago) was
that the firewall tool has an interface allowing applications to add holes
and to deal with holes, but that the config tool for the app would always
ask when it seemed relevant, e.g.

    You have just enabled network printing
    Currently your firewall only permits local access for printing
    Would you like to configure the firewall to allow network printer access

    Allow All    Customize    Deny All

And also use the same hooks so that rpm -e deinstalls the firewall hole
and closes it.

Punching holes in general otherwise is dangerous.