On 07/23/2009 05:54 PM, Ahmed Kamal wrote:
>> To me it seems like a great idea, but your usual computer user
>> does not really know about Apache and ports, IP's and the like.
>
> Exactly the point, the user shares his desktop, or starts some service
> using the services GUI, and FireKit should offer to help. Moreover, this
> actually would improve desktop security, since without FireKit, a
> typical user after wasting half an hour, would understand it was the
> firewall blocking him, and would simply disable it for good. This
> happens on any OS. However, with FireKit, pro-actively offering to help
> the user, and requesting by default a limited time-window for opening
> the ports, actually ensures a better desktop security
>
>> Other than that, if you need help, ask.
>
> I do :) I'm not sure how this should integrate with policy-kit for
> allowing which users should be able to control the firewall. Should
> FireKit launch its own daemon that runs all the time, or is there some
> other way. How to control iptables without running shell commands, and
> how to hook on ports creation events. I guess I should be using some
> python RTNETLINK bindings, any ideas?
> Any examples, design decisions, and pointers to code samples to make my
> life easier, are highly appreciated
>
>> What language do you intend to implement this in?
>
> But of course python ;)
>
> Regards
>

Python does not make for a particularly efficient long-running daemon.
And if your plan is to monitor for port openings in order to prompt,
it's going to need to be a long-running daemon (also you'll probably
want a kernel module component to signal your daemon when a port is
opened)

If I might suggest, you probably want to use a compiled language like C.
The GLib C framework is probably a good approach, especially with its
excellent glib-dbus integration.

Furthermore, it would be an excellent idea to start putting together a
project and try to recruit developers. I'd recommend requesting a
project from someplace like Fedorahosted (or sourceforge, or freshmeat,
etc., but I like Fedorahosted personally... makes it easy for other
Fedora developers to contribute).

-- 
Stephen Gallagher
RHCE 804006346421761