On 12/06/2010 08:59 PM, Dennis Jacobfeuerborn wrote: > On 12/06/2010 08:53 PM, Bill Nottingham wrote: >> Phil Knirsch (pknirsch@xxxxxxxxxx) said: >>> Basically it's a statefull firewall daemon now that allows us to support >>> and implement a lot of those features which have been so critically >>> missing in our old way of doing firewalls (aka static crap) and >>> basically impossible to do there. One example is libvirt and how it has >>> to change firewall rules dynamically depending on whether a guest is >>> started or shut down, and those rules should survive a restart of the >>> firewall (which currently they don't and can't). Roughly speaking it's a >>> bit similar with the switch from our static initscripts for network >>> configuration to NetworkManager and how it deals with network interfaces >>> nowadays. >> >> Sounds good.... >> >>> One thing is e.g notifications to users when some service/app requests >>> to open a port. First version won't have network zones yet, but he and >>> Dan Williams are working on that for the next generation which will then >>> basically allow it to let the user decide once for each >>> interface/connection what should happen with it and never be bothered >>> with it afterwards. >> >> ... but this seems absolutely wrong. The last thing we want is to be >> pestering the user with information they may not understand, and are not >> fully capable of acting on. Take the constant complaints about >> SETroubleshoot, or the constant mocking of Windows Vista's security popups, >> for example. > > I agree that this is a problem but it would be nice if firewalld could > still keep track of this information and make it available on demand > (basically a log). Maybe the notification could be based on that and only > pop up if configured to do so by the users who care. > > Regards, > Dennis Aye, thats a good idea. And easily doable. Thanks & regards, Phil -- Philipp Knirsch | Tel.: +49-711-96437-470 Supervisor Core Services | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch <pknirsch@xxxxxxxxxx> Hauptstaetterstr. 58 | Web: http://www.redhat.com/ D-70178 Stuttgart, Germany Motd: You're only jealous cos the little penguins are talking to me. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
