On Tue, 2009-06-16 at 16:39 -0700, Adam Williamson wrote: > On Sun, 2009-06-14 at 19:36 +0100, Matthew Garrett wrote: > > > > there is an interesting issue; > > > if you poke a hole in your firewall for all the ports that are listening > > > automatically..... you might as well not have a firewall in the first > > > place... > > > > Well, not exactly. For instance, making it part of package management > > policy means that runtime user-level compromises can't poke holes. It > > could be tied to packages with recognised signatures. There's various > > ways that it could be tied down in such a way that the firewall still > > provides a benefit without leaving users in the current situation of "I > > installed nss-mdns and I still can't look up my media server". > > Here's another variation on the popular AdamW theme "Wot Mandriva > Does"... <snippety> sigh, now I actually check system-config-firewall and see that it looks like it does much the same thing. I could really do with that Google 'cancel my last email' button in Evolution :) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
