On 8/20/07, David Hollis <dhollis@xxxxxxxxxxxxxx> wrote:
> On Mon, 2007-08-20 at 12:33 -0500, Arthur Pemberton wrote:
> > > I run custom firewall rules. If you can get this idea to play nicely with
> > > my custom script, and with Shorewall setups, and with s-c-securitylevel,
> > > go for it. But I'm highly sceptical. If installing squid blows up my
> > > custom firewall settings, I'm getting out my pitchfork. :)
> > >
> >
> > Hence why I suggest doing this through s-c-securitylevel so that that
> > functionality can centrally be disabled
>
> I think the ideal solution would be to use existing protocols (UPnP,
> NAT-PMP) to talk to a daemon (avahi-daemon for example) that is
> configured with basic policy settings (accept requests from this user,
> IP, interface, etc) and could also talk on DBUS for GUI prompt type
> stuff. The daemon would have config options to specify what chains to
> alter, so that it can be made to work with other firewall scripts easily
> and obtrusively. By using existing protocols, the exact same mechanism
> can work with home routers and such, and likely even SOHO 'firewalls'.
>
> Besides that, a lot of programs already have support for standardized
> protocols. Sure, for a totally local-only type of thing, it's a larger
> number of hurdles to jump through, but then it can be the same hurdles
> for local-only vs small-LAN, and potentially even larger LANs.

Even better. All I ask is that more control over the security of the
system is given to s-c-securitylevel. I like the console, esp. on a
server. But when assisting people it is often convenient to point them
to the appropriate GUI.

--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )