On 12/06/2010 08:53 PM, Bill Nottingham wrote:
> Phil Knirsch (pknirsch@xxxxxxxxxx) said:
>> Basically it's a stateful firewall daemon now that allows us to support
>> and implement a lot of those features which have been so critically
>> missing in our old way of doing firewalls (aka static crap) and
>> basically impossible to do there. One example is libvirt and how it has
>> to change firewall rules dynamically depending on whether a guest is
>> started or shut down, and those rules should survive a restart of the
>> firewall (which currently they don't and can't). Roughly speaking it's a
>> bit similar with the switch from our static initscripts for network
>> configuration to NetworkManager and how it deals with network interfaces
>> nowadays.
>
> Sounds good....
>
>> One thing is e.g. notifications to users when some service/app requests
>> to open a port. First version won't have network zones yet, but he and
>> Dan Williams are working on that for the next generation which will then
>> basically allow it to let the user decide once for each
>> interface/connection what should happen with it and never be bothered
>> with it afterwards.
>
> ... but this seems absolutely wrong. The last thing we want is to be
> pestering the user with information they may not understand, and are not
> fully capable of acting on. Take the constant complaints about
> SETroubleshoot, or the constant mocking of Windows Vista's security popups,
> for example.

I agree that this is a problem, but it would be nice if firewalld could still keep track of this information and make it available on demand (basically a log). Maybe the notification could be based on that and only pop up if configured to do so by the users who care.

Regards,
Dennis