On Saturday 01 September 2007 03:34:29 Benny Amorsen wrote: > >> Basically, what this means is, "don't allow incoming traffic except > >> where root says it's ok", which might sometimes be what you want to > >> achieve. > > AP> By the way, I still think that tis is a good idea. > > It would be nicer if the bind() failed in the application. We now have rsyslog in the distribution. It should be simple to create a configuration command that greps for iptables events and notifies the user in realtime kind of the way that setroubleshoot does. As a matter of fact, what might be even more useful is a command that watches for disk drive errors and tells the user that its starting to see the hard drive fail. But from a security point of view, I don't think its a good idea for apps to be able to punch a hole in the firewall. -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
