On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
> > The other benefit would be if the user only intended the
> > service to be accessible to localhost, or a UNIX domain
> > socket but for some reason screwed up their service's
> > config & opened it to the world.
> >
>
> I could buy this if we actually alerted users to this, when in fact we
> /disable/ logging in the default firewall set, so your packets just
> magically disappear leaving the user scratching their head as to why
> the hell things aren't working.

Yes, enabling logging of packets really helps to track down firewall
misconfiguration.

What we really lack is good visibility for n00bs.  Sure you can do
'netstat -anp' to show open ports and (if you're more of an expert
than me) look at iptables to see what's wrong, but having nice GUI
tools to display this information would be better.

(No, I'm not volunteering to write them ...)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
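
An added example, not part of the thread: the 'netstat -anp' check mentioned in the message, filtered so that a service meant for localhost but bound to every interface stands out. The sample output and the function names `sample_netstat` and `classify_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (illustrative, not from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1023/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      987/cupsd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      2210/postgres
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED 3001/sshd: user
tcp6       0      0 :::80                   :::*                    LISTEN      1500/httpd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1100/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           900/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           800/chronyd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    987/cupsd            /var/run/cups/cups.sock
EOF
}

# Reads `netstat -anp` text on stdin and prints one line per listening
# TCP/UDP socket: "<SCOPE> <proto> <local address> <program>".
#   LOCAL   = bound to loopback only (127.0.0.0/8 or ::1)
#   EXPOSED = bound to a wildcard or interface address, so reachable from the
#             network unless a firewall rule drops the packets
classify_listeners() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }                      # headers, UNIX sockets
    $1 ~ /^tcp/ { if ($6 != "LISTEN") next; prog = $7 }
    # UDP has no LISTEN state: keep unconnected sockets (wildcard peer).
    $1 ~ /^udp/ { if ($5 != "0.0.0.0:*" && $5 != ":::*") next; prog = $6 }
    {
        n = split($4, part, ":")                     # port is after last colon
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        scope = (addr ~ /^(::ffff:)?127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
        print scope, $1, $4, (prog == "" ? "-" : prog)
    }
    '
}

# Run against the constructed sample.
sample_netstat | classify_listeners
```

On a live host, run `netstat -anp | classify_listeners` as root so the program column is populated for every socket.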