On Sat, Sep 01, 2007 at 14:07:17 +0200, Benny Amorsen <benny+usenet@xxxxxxxxxx> wrote: > > Administrators sometimes want to limit which traffic can reach > applications, and perhaps limit the risk when accidentally starting > applications. Automating firewall setup makes that useless. That is probably the main reason. And having apps undo restrictions seems like a really really bad idea. Plus I have no confidence that apps can properly rewrite iptables rules correctly. iptables setups can have complications which will make it hard to change them. I have used subroutines for checking reserved ip ranges and have had services configured to only be available to local ip addresses or specific interfaces. I think the idea of having some way to help people who want a service available to the internet at large or some local ip addresses is a good idea, but it needs to be an add on step that can be skipped, not some invisible change behind the scenes. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
