On Wed, 2007-09-05 at 11:30 +0200, Nicolas Mailhot wrote:
> In a handwaved perfect world, service-firewall-rules would display a
> graph of the current firewall network ruleset (showing the packet flow
> through blocks of rules), and services would just dump new blocks in
> this graph that'd be grayed out till activated by the admin.
>
> This is something like a SoC project though.

What's Fedora's stance on firewall / iptables management, anyway?
Specifically with regards to other "iptables applications"?

So far, the only way I see that external apps can co-exist with s-c-s is
by using the "Custom Rules File" which simply appends rules to the end of
the rules generated by s-c-s.

I have two applications right now (one to limit DROP successive ssh
accesses and another to DROP access from spam sources configured
dynamically) and the use of the Custom Rules File is insufficient for the
way it works (some rules need to be inserted at an arbitrary position
relative to the rules generated by s-c-s and a regeneration of the
integrated /etc/sysconfig/iptables file is needed whenever dynamic
changes are made).

How does Fedora intend to handle firewall management requests from
external apps? Will it export some kind of IPC API? Or is Custom Rules
File finally it?

--
Richi Plana

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list