Stewart Adam wrote:
I made a Feature page [1] for this a while back, but I didn't include ip6tables or setroubleshootd...
Please do not include ip6tables. IPv6 will start anyway, at the very least with a link scope address. So all you are doing is deactivating the firewall for IPv6. You should either deactivate both iptables and ip6tables, or if you feel that is too insecure (as the current default configuration assumes), activate them both. One of the issues with IPv6 deployment is the number of corporate firewalls which filter IPv4 but silently pass IPv6 unfiltered through the firewall once the firewall is (perhaps automatically) configured with an IPv6 address. Let's not add Fedora to that list of troubled systems. I know less about SELinux, but from a user interface point of view SELinux's "did you see that?" audit-based approach is far superior to Vista's UAC "put you on the spot" approach. Setroubleshootd is a key part to delivering SELinux's user experience. -- Glen Turner <http://www.gdt.id.au/~gdt/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
