On 8/21/2013 12:50 AM, Martin Sustrik wrote: ...
> You want admin to open one port in the firewall when the project is started. Going through the corporate process at this point is bearable and makes sense. Afterwards, you want to be able to expose arbitrary services through that port without having to go through port-opening process over and over again.
One additional point - if you really mean "arbitrary", including existing services, I hope you understand that a network operator that shuts down ANY current services would conclude they must then block yours too.
I.e., if I don't want FTP over the firewall (because it uses cleartext passwords), I definitely don't want TCPMUX (which allows FTP), or any other "accesses arbitrary services" port.
So that seems like a non-starter, unless by "arbitrary" you mean "extensions within your system" - which is how all current ports already work.
Joe
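
The objection above, as an added example that is not part of the original message: a per-port firewall rule cannot see which service a TCPMUX-style port hands the connection to, so the site policy has to be enforced again on the request line itself. The request/reply framing follows RFC 1078 (service name terminated by CRLF, reply starting with "+" or "-"); the service names, port table and reply texts are constructed for illustration.

```python
# Added example: policy sets, service names and reply texts are constructed.
MUX_PORT = 1  # TCPMUX well-known port (RFC 1078)


def parse_request(raw: bytes) -> str:
    """Return the service name from the first line of a TCPMUX connection.

    RFC 1078: the client sends the service name terminated by CRLF and
    names are matched case-insensitively, so normalise to upper case.
    """
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        raise ValueError("request line not terminated by CRLF")
    name = line.decode("ascii").strip()  # UnicodeDecodeError is a ValueError
    if not name or not name.isprintable():
        raise ValueError("malformed service name")
    return name.upper()


def reachable_despite_policy(open_ports, port_of, mux_services):
    """Services whose own port is closed but which the open mux port still offers."""
    if MUX_PORT not in open_ports:
        return set()
    return {s for s in mux_services
            if s in port_of and port_of[s] not in open_ports}


def mux_reply(raw, mux_services, denied):
    """Policy-aware answer to one request: '+' accepts, '-' refuses."""
    try:
        name = parse_request(raw)
    except ValueError:
        return b"-malformed request\r\n"
    if name in denied:
        return b"-refused by site policy\r\n"
    if name not in mux_services:
        return b"-service not available\r\n"
    return b"+ok\r\n"


if __name__ == "__main__":
    open_ports = {MUX_PORT, 443}               # port 21 (FTP) is closed
    port_of = {"FTP": 21, "HTTPS": 443}        # constructed port table
    offered = {"FTP", "HTTPS", "INTERNAL-RPC"}
    denied = reachable_despite_policy(open_ports, port_of, offered)
    print("exposed via mux despite port policy:", denied)
    for req in (b"ftp\r\n", b"https\r\n", b"ftp"):
        print(req, "->", mux_reply(req, offered, denied))
```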