Tim <ignored_mailbox@xxxxxxxxxxxx> writes:

> Allegedly, on or about 13 November 2012, lee sent:
>> Great, that is going to conflict with my shorewall configuration when I
>> update. And running another daemon process all the time for something
>> that rarely ever changes once it's set up? Adding even more
>> dependencies with networkmanager? Involving d-bus which is something
>> nobody understands? That just sucks.
>
> I tend to agree.
>
> However, I can see one need for a daemon, though wonder whether it does
> anything about it: Things that actually require dynamic firewall
> configuration, such as the random port used by FTP, UPnP thingoes, et
> cetera. If it doesn't actually provide a solution to problems like
> them, then what's the point?

They are saying on the web page that it has the advantages of not
unloading the modules and being able to change FW configuration without
interrupting connections and while keeping the firewall up. I've never
had problems with that on Debian --- they are right though in that
restarting shorewall would take the firewall down during the restart.
I've never had issues with interrupted connections because of that.

These are particularities of the implementation, though. There's no
need to unload the modules, so something on Fedora must be intentionally
unloading them. That the firewall is taken down rather than actually
modified when shorewall is stopped is shorewall's implementation.

A constantly running daemon that can quietly modify firewall rules looks
like a nice tool for creating security problems.

I'd vote for making shorewall the default firewall in Fedora instead.
Where can we make suggestions like that?

FTP isn't using random ports. It's using two ports, and firewalls need
to be set up correctly to deal with that. There's a kernel module for
this very purpose.

When starting shorewall, I'm getting messages like 'xt_CT: No such
helper "ftp-0"' in /var/log/messages.
I haven't looked into that yet --- any idea what they are supposed to
tell me and what to do about it?

--
Fedora 17