On 12/06/2010 08:40 PM, Richard W.M. Jones wrote:
> On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
>> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
>>> The other benefit would be if the user only intended the
>>> service to be accessible to localhost, or a UNIX domain
>>> socket but for some reason screwed up their service's
>>> config & opened it to the world.
>>>
>>
>> I could buy this if we actually alerted users to this, when in fact we
>> /disable/ logging in the default firewall set, so your packets just
>> magically disappear leaving the user scratching their head as to why
>> the hell things aren't working.
>
> Yes, enabling logging of packets really helps to track down
> firewall misconfiguration.
>
> What we really lack is good visibility for n00bs. Sure you can do
> 'netstat -anp' to show open ports and (if you're more of an expert
> than me) look at iptables to see what's wrong, but having nice GUI
> tools to display this information would be better.
>
> (No, I'm not volunteering to write them ...)
>
> Rich.
>

That's actually a really nice idea we could tackle with the firewall
stuff Thomas is working on in the future.

added_to_feature_list++ :)

Thanks & regards, Phil

--
Philipp Knirsch           | Tel.:  +49-711-96437-470
Supervisor Core Services  | Fax.:  +49-711-96437-111
Red Hat GmbH              | Email: Phil Knirsch <pknirsch@xxxxxxxxxx>
Hauptstaetterstr. 58      | Web:   http://www.redhat.com/
D-70178 Stuttgart, Germany
Motd: You're only jealous cos the little penguins are talking to me.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel