On Mon, 2007-08-20 at 12:33 -0500, Arthur Pemberton wrote:
> > I run custom firewall rules. If you can get this idea to play nicely with
> > my custom script, and with Shorewall setups, and with s-c-securitylevel,
> > go for it. But I'm highly sceptical. If installing squid blows up my
> > custom firewall settings, I'm getting out my pitchfork. :)
>
> Hence why I suggest doing this through s-c-securitylevel so that that
> functionality can centrally be disabled

I think the ideal solution would be to use existing protocols (UPnP, NAT-PMP) to talk to a daemon (avahi-daemon for example) that is configured with basic policy settings (accept requests from this user, IP, interface, etc) and could also talk on DBUS for GUI prompt type stuff. The daemon would have config options to specify what chains to alter, so that it can be made to work with other firewall scripts easily and obtrusively.

By using existing protocols, the exact same mechanism can work with home routers and such, and likely even SOHO 'firewalls'. Besides that, a lot of programs already have support for standardized protocols. Sure, for a totally local-only type of thing, it's a larger number of hurdles to jump through, but then it can be the same hurdles for local-only vs small-LAN, and potentially even larger LANs.

--
David Hollis <dhollis@xxxxxxxxxxxxxx>
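A sketch of the policy check such a daemon would apply to a NAT-PMP mapping request before touching a firewall chain, added here as an illustration and not code from this thread or from any project named in it. The `Policy` fields, the `decide` function and the chain name `PORTMAP-IN` are assumptions; the 12-byte request layout follows RFC 6886, and the sample packets are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass
class Policy:                  # hypothetical daemon policy settings
    chain: str                 # the only chain the daemon may alter
    interfaces: frozenset      # interfaces requests may arrive on
    networks: tuple            # source networks allowed to ask
    min_port: int = 1024       # never open privileged ports on request
    max_lifetime: int = 3600   # cap on the granted lease, in seconds

PROTO = {1: "udp", 2: "tcp"}   # NAT-PMP mapping opcodes (RFC 6886)

def parse_request(data: bytes):
    """Parse a NAT-PMP mapping request; raise ValueError if malformed."""
    if len(data) != 12:
        raise ValueError("mapping request must be 12 bytes")
    version, opcode, _reserved, internal, external, lifetime = struct.unpack(
        "!BBHHHI", data)
    if version != 0 or opcode not in PROTO:
        raise ValueError("unsupported version or opcode")
    return PROTO[opcode], internal, external, lifetime

def decide(policy: Policy, data: bytes, src_ip: str, iface: str):
    """Return (iptables argv, granted lifetime) if policy allows, else None."""
    try:
        proto, internal, _external, lifetime = parse_request(data)
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return None                      # malformed input is dropped
    if iface not in policy.interfaces:
        return None
    if not any(src in net for net in policy.networks):
        return None
    if internal < policy.min_port:
        return None
    if lifetime == 0:
        return None                      # deletion requests not handled here
    granted = min(lifetime, policy.max_lifetime)
    # The rule goes only into the configured chain, so a custom firewall
    # script decides whether and where that chain is ever jumped to.
    rule = ["iptables", "-A", policy.chain, "-p", proto,
            "--dport", str(internal), "-j", "ACCEPT"]
    return rule, granted

LOCAL_ONLY = Policy(chain="PORTMAP-IN", interfaces=frozenset({"lo"}),
                    networks=(ipaddress.ip_network("127.0.0.0/8"),))
# Constructed sample: TCP mapping for port 8080, requested lifetime 7200 s.
SAMPLE = struct.pack("!BBHHHI", 0, 2, 0, 8080, 8080, 7200)
```

The function only builds the argument list; whether the daemon runs it directly or hands it to another firewall tool is left open, as in the message above.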