On 8/20/07, Jeremy Katz <katzj@xxxxxxxxxx> wrote: > On Mon, 2007-08-20 at 16:20 +0000, "Jóhann B. Guðmundsson" wrote: > > Any thoughts on implementing automatically port opening for service > > that need to open port access in the firewall > > as in when service is started that needs port opening it would > > automatically read some firewall.conf > > file for that and open the port automatically according to those > > settings in the firewall.conf file > > ( add the iptables rules automatically when the service is started and > > remove those rules when the service is stopped ) > > > > Doing chkconfig service or service service start/stop and it would also > > open the port for that service in the firewall > > I think it's a great idea and would go a long way towards making things > more usable. One of the questions is do you do the firewall change on > service start/stop or at chkconfig time. And I'm a little bit torn on > that one. chkconfig time makes it "simpler" as far as not requiring > initscript changes. start/stop seems like it's probably more "correct", > but would then require initscripts to call a new function on start/stop > > Jeremy I was actually thinking about this last night. My idea was to have it _possible_ for services to open a few ports on start, and close them on stop. But they wouldn't do so directly, they would ask system-config-securitylevel. This would allow admins to disable this functionality easily. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com ) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
