Re: Fedora 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> #2 - Improving the system-config-securitylevel. This I need to split in
> two:

I maintain s-c-securitylevel, so I'll address this.

> #2.1 - The current way of setting up firewall rules is excessively
> simple, and makes it very difficult to have simple things like internet
> connection sharing for a home network. It would be very cool to have the
> ability to configure a simple 1:N NAT and some port redirection.

These sorts of features would be handy, I agree.  If they can be simple
one checkbox sorts of things, that's even better.  Getting into the port
redirection stuff takes s-c-securitylevel down a path I don't think we
want to go, though.  It's my understanding that it's never been
developed as the be-all firewall configuration tool that does everything
you'd want to do.  I certainly have not maintained it as such.

A checkbox for enabling NAT would be decent, but I don't know how much
farther beyond that I want to go.

> #2.2 - The local firewall has no logging feature. It's quite difficult
> for a user/home admin to know why something is not working if you don't
> have any kind of logs about what is being dropped because of the
> firewall blocking. Probably having logging enabled by default could be
> just overkill (most end-users won't care about it), but having a way to
> enable/configure logging would help those people a lot.

I have an open bug about this (151647 - it's fairly old at this point)
but have never gotten around to working on it since I didn't see it as a
huge feature.  Of course, I can go in and add it if there's that much
demand.  I can see it being useful for debugging firewalls.

The trick with both of these features is to add them without making the
UI a nightmare to use and maintain.  Maybe I should spend a while
thinking about how to do it.

Two things I want to do in s-c-securitylevel (and if I ever get done
reworking pykickstart, I'll get these in for 7) are:

(1) Rewrite lokkit in Python.  I can hack C but I'm slower at it and I
don't see it as particularly well suited to this sort of program,
especially with the goofy newt stuff.

(2) Make s-c-securitylevel not destroy any customizations you make by
hand.  I think this is the biggest problem affecting the program right
now and if I can come up with a good way to deal with it, I'll put the
fix in right away.  There's an open bug for this - 138143.

- Chris

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux