On Sun, Jun 14, 2009 at 10:52:49AM -0700, Arjan van de Ven wrote:
> On Sun, 14 Jun 2009 18:34:52 +0100
> >
> > I think this is actually a problem that needs solving. We have
> > several network services that are either installed by default or
> > might be expected to be part of a standard setup, but which don't
> > work because of the default firewall rules. The Anaconda people have
> > (sensibly, IMHO) refused to simply add further exceptions to the
> > firewall policy.
>
> there is an interesting issue;
> if you poke a hole in your firewall for all the ports that are listening
> automatically..... you might as well not have a firewall in the first
> place...

Well, not exactly. For instance, making it part of package management
policy means that runtime user-level compromises can't poke holes. It
could be tied to packages with recognised signatures. There's various
ways that it could be tied down in such a way that the firewall still
provides a benefit without leaving users in the current situation of "I
installed nss-mdns and I still can't look up my media server".

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list