On Mon, 20.08.07 15:19, David Hollis (dhollis@xxxxxxxxxxxxxx) wrote:

> On Mon, 2007-08-20 at 12:33 -0500, Arthur Pemberton wrote:
> > > I run custom firewall rules. If you can get this idea to play nicely with
> > > my custom script, and with Shorewall setups, and with s-c-securitylevel,
> > > go for it. But I'm highly sceptical. If installing squid blows up my
> > > custom firewall settings, I'm getting out my pitchfork. :)
> >
> > Hence why I suggest doing this through s-c-securitylevel so that that
> > functionality can centrally be disabled
>
> I think the ideal solution would be to use existing protocols (UPnP,
> NAT-PMP) to talk to a daemon (avahi-daemon for example) that is
> configured with basic policy settings (accept requests from this user,
> IP, interface, etc) and could also talk on DBUS for GUI prompt type
> stuff. The daemon would have config options to specify what chains to
> alter, so that it can be made to work with other firewall scripts easily
> and obtrusively. By using existing protocols, the exact same mechanism
> can work with home routers and such, and likely even SOHO
> 'firewalls'.

Actually someone has started to work on a NATPMP client and server for
inclusion in Avahi:

http://web.midg3t.net/blog/

He usually lurks as "tedp" on #avahi on freenode.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4