> #2 - Improving the system-config-securitylevel. This I need to split in
> two:

I maintain s-c-securitylevel, so I'll address this.

> #2.1 - The current way of setting up firewall rules is excessively
> simple, and makes it very difficult to have simple things like internet
> connection sharing for a home network. It would be very cool to have the
> ability to configure a simple 1:N NAT and some port redirection.

These sorts of features would be handy, I agree. If they can be simple one checkbox sorts of things, that's even better. Getting into the port redirection stuff takes s-c-securitylevel down a path I don't think we want to go, though. It's my understanding that it's never been developed as the be-all firewall configuration tool that does everything you'd want to do. I certainly have not maintained it as such.

A checkbox for enabling NAT would be decent, but I don't know how much farther beyond that I want to go.

> #2.2 - The local firewall has no logging feature. It's quite difficult
> for a user/home admin to know why something is not working if you don't
> have any kind of logs about what is being dropped because of the
> firewall blocking. Probably having logging enabled by default could be
> just overkill (most end-users won't care about it), but having a way to
> enable/configure logging would help those people a lot.

I have an open bug about this (151647 - it's fairly old at this point) but have never gotten around to working on it since I didn't see it as a huge feature. Of course, I can go in and add it if there's that much demand. I can see it being useful for debugging firewalls.

The trick with both of these features is to add them without making the UI a nightmare to use and maintain. Maybe I should spend a while thinking about how to do it.

Two things I want to do in s-c-securitylevel (and if I ever get done reworking pykickstart, I'll get these in for 7) are:

(1) Rewrite lokkit in Python. I can hack C but I'm slower at it and I don't see it as particularly well suited to this sort of program, especially with the goofy newt stuff.

(2) Make s-c-securitylevel not destroy any customizations you make by hand. I think this is the biggest problem affecting the program right now and if I can come up with a good way to deal with it, I'll put the fix in right away. There's an open bug for this - 138143.

- Chris