> Yes, but you may have to punch holes in the firewall _as well_. I don't > think selinux security context would override any local firewall rules > which (as they stand today) lock down all ports that aren't explicitly > enabled for a service. Thats why you should be using selinux to prevent unwanted port bindings system wide. Disable firewalling in this case. Or at least limit it to ports <1024 or something. There's still the annoying question of ports the *kernel itself* is listening to. NFS serving likes to do this, and use random ports just above 1024 to do it. ;P
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
