On Thursday 23 July 2009 02:16:10 pm Ahmed Kamal wrote:
> Here's an RFE for FireKit, a firewall desktop "kit". What this does is:
> 1- Exposes a dbus interface for applications to programmatically open/close
> ports

I don't exactly like this. If one application gets compromised, it can now open other ports that may be protected. Previously, it would require CAP_NET_ADMIN or some other root possessed capability to make changes. There are a lot of important services above 1024 that a normal user could bind to. You don't want the system to suddenly open those ports and allow traffic.

> 2- Monitors as new daemons/applications that listen on non lo interfaces
> are started, checks if iptables is currently blocking them, and if so,
> warns the user that application X is currently blocked by the firewall

This part I like.

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
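The listener-detection half of item 2 in the message above, as an added example that is not part of the original thread and is not FireKit code: it parses a table in `/proc/net/tcp` layout, reports LISTEN sockets bound to non-loopback addresses, and flags those on ports 1024 and up, which a process can bind without root. The sample table is constructed, a little-endian host is assumed, and the iptables check is not covered.

```python
import ipaddress
import struct

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A00A8C0:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 44444
   4: 0A00A8C0:D431 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 55555
"""


def parse_addr(field):
    """Decode 'HEXIP:HEXPORT'. The IPv4 word is printed in host byte order
    (little-endian assumed here); the port is plain hexadecimal."""
    ip_hex, port_hex = field.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_listeners(table):
    """Return (ip, port, uid, unprivileged_port) for every LISTEN socket
    that is not bound to a loopback address."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row, or a socket that is not listening
        ip, port = parse_addr(cols[1])
        if ip.is_loopback:
            continue  # reachable only via lo, so the firewall is not involved
        # Ports >= 1024 need no root or capability to bind.
        found.append((str(ip), port, int(cols[7]), port >= 1024))
    return found


if __name__ == "__main__":
    for ip, port, uid, unpriv in exposed_listeners(SAMPLE):
        note = "bindable without root" if unpriv else "privileged port"
        print(f"{ip}:{port} uid={uid} ({note})")
```

On a live system the same function can be fed the contents of `/proc/net/tcp`; IPv6 listeners are in `/proc/net/tcp6`, which uses a different address width and is not handled here.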