On Thu, Jan 17, 2008 at 12:48:27PM -0500, Jon Stanley wrote:
On Jan 16, 2008 7:07 PM, Bastien Nocera <bnocera(a)redhat.com>
wrote:
> IpSec and IPP as services don't sound very much like desktop
> applications.
IPSec sounds reasonable since users may be using a VPN client in order
to access a corporate or remote network. If not enabled by default,
there needs to be something easy in s-c-firewall to enable it, since
making IPSec work is a non-trivial endeavor. In the 'server' profile,
though - it's absolute rubbish. If someone wants to run a VPN server,
they should know enough about it to configure the firewall
appropriately :)
I think you don't need open ports for VPN clients. State firewall
should take care about such situation, doesn't?
Adam
--
Adam Tkac, Red Hat, Inc.