Allegedly, on or about 14 November 2012, lee sent:
> They are saying on the web page that it has the advantages of not
> unloading the modules and being able to change FW configuration
> without interrupting connections and while keeping the firewall up.
> I've never had problems with that on Debian

Nor I with Fedora. I used to change rules while testing things, I don't recall connections being broken when I did that.

> A constantly running daemon that can quietly modify firewall rules
> looks like a nice tool for creating security problems.

Especially if controlled by applications, rather than the user. It's for reasons like that, that I always disallowed UPnP in modem/routers. Allowing applications, especially on Windows, to just do what they wanted with the firewall negated the concept of having one.

> FTP isn't using random ports. It's using two ports, and firewalls
> need to be set up correctly to deal with that. There's a kernel
> module for this very purpose.

There's two modes of FTP, active and passive. With one of them, the traditional method of using FTP, the second connection was on a random port. Sometimes you have to use a server that only works that way, and it can be a right pain.

I haven't used Shorewall, so I can't comment on its behaviour.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
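The FTP data-port question raised in the message above, as an added example that is not part of the original post: the second connection's port is announced on the control channel (a client `PORT` command in active mode, a server `227` reply in passive mode, per RFC 959), which is what a connection-tracking helper has to read before a stateful firewall can admit it. The addresses, ports and session lines below are constructed, and the function names are hypothetical.

```python
import re

# RFC 959 host-port: six decimal bytes h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects back to it
    elif text.startswith("227 "):
        mode = "passive"   # server listens, client connects to it
    else:
        return None
    m = _HOSTPORT.search(text[4:])
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return mode, ip, nums[4] * 256 + nums[5]

def expected_data_connections(session):
    """Split announced data endpoints into expected and rejected.

    An announcement is rejected when it names an address other than the
    host that sent it on the control connection, so a third host is never
    opened up on the strength of someone else's control session.
    """
    expected, rejected = [], []
    for sender_ip, line in session:
        parsed = parse_data_endpoint(line)
        if parsed is None:
            continue
        (expected if parsed[1] == sender_ip else rejected).append(parsed)
    return expected, rejected

# Constructed control-channel lines: (sender address, line as sent)
SESSION = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),
    ("198.51.100.5", "227 Entering Passive Mode (198,51,100,5,156,64)"),
    ("192.0.2.10", "PORT 203,0,113,9,0,22"),   # names a third host
    ("192.0.2.10", "LIST"),
]

if __name__ == "__main__":
    ok, bad = expected_data_connections(SESSION)
    print("expect:", ok)
    print("reject:", bad)
```

On Linux the kernel module that does this tracking is `nf_conntrack_ftp`; without such a helper, a ruleset has to open a whole port range to make either mode work.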