Am 11.09.2013 12:30, schrieb Alec Leamas: > > That said, I see your point. Seems to boil down to that only the > application knows which port(s) to open and why, whereas only the > firewall can guarantee that it actually opens the ports requested by > user instead of something else. > So the application needs to ask the firewall to open one or more ports and the firewall has to ask the user for permission to do so. In this szenario the firewall knows what application wants which port(s) to be open. Letting the application directly ask for permission to punch holes in the firewall is IMHO the worst case of all and a securiry nightmare. -- Regards, Heiko Adams
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
