On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote:
> On Dec 9, 2014 11:33 AM, "Chuck Anderson" <cra@xxxxxxx> wrote:
> I should have said "ask firewalld for a port to be opened" - sorry, I
> thought that would come from the context.
>
> Are you saying bind() should be talking to firewalld, via some approval
> agent? How do we make that happen?

My point was that a firewall is superfluous if a program can just ask firewalld to poke a hole in the firewall for it automatically, because a program can already ask the system to open a listening port for it using bind(2) (and listen(2) and accept(2)) when no firewall is present.

It means that in a world where automatic-hole-punching exists, the only use of a firewall on the host is maybe to limit the SCOPE of such communication, not whether such communication is allowed at all or not. This is where firewall zones come in.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct