Once upon a time, Bill Nottingham <notting(a)redhat.com> said:
> Chris Adams (cmadams(a)hiwaay.net) said:
> > a) binds to a local unprivileged UDP port
> > b) sends a broadcast SNMP request
> > c) listens for (unicast) responses to that request
> >
> > We don't hear any of those responses because they are not recognised as
> > "related" by the kernel. The iptables rules drop them.
> >
> > If the CUPS snmp backend could say to "the firewall", "hey, please allow
> > responses on this port I've got for the next few seconds" -- which can
> > be controlled using PolicyKit -- then this network discovery would
> > finally work.
>
> Congrats, you have re-invented UPnP, although a local-only version
> maybe (not that I think that is necessarily a bad thing).
> I could be wrong, but I'd guess that any SNMP implementation probably
> predates UPnP by a good bit.
Oh yeah, that's not what I meant. I meant the "daemon needs to notify
firewall of temporary change" mechanism is not a new requirement. UPnP
may not be the best way of doing that, but it would probably be better
to implement that for this kind of thing, rather than re-invent the
wheel.
--
Chris Adams <cmadams(a)hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
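The exchange quoted at the top of the thread (broadcast SNMP request out, unicast replies back, replies dropped because conntrack does not see them as part of the outbound flow) is easy to state and surprisingly easy to misread, so here is a small model of it. This is an added illustration, not code from the thread, from CUPS or from netfilter: it models nf_conntrack's per-direction 5-tuple matching for UDP with no protocol helper loaded (later kernels ship an nf_conntrack_snmp helper that creates an expectation for exactly these unicast replies; the model deliberately omits it), plus the time-limited "please allow responses on this port" hole the poster proposes. All addresses, ports and timings are constructed for the example.

```python
"""Toy model of why unicast replies to a broadcast SNMP request fail a
stateful iptables firewall, and how a short-lived per-port exception
fixes it.  Added example; not code from CUPS, netfilter or the thread.
All hosts, ports and times below are made up."""

from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "255.255.255.255"
SNMP_PORT = 161


@dataclass(frozen=True)
class Flow:
    """A UDP 5-tuple as conntrack sees it."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        # conntrack's reply tuple is the original tuple with both endpoints swapped
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


class Conntrack:
    """Minimal nf_conntrack for UDP, no ALG/helper.  An entry is indexed by
    its original tuple and its reply tuple; lookup is an exact match."""

    def __init__(self) -> None:
        self._by_tuple: Dict[Flow, dict] = {}

    def classify(self, pkt: Flow) -> str:
        """Return the iptables state-match name for this packet."""
        entry = self._by_tuple.get(pkt)
        if entry is None:
            entry = {"orig": pkt, "seen_reply": False}
            self._by_tuple[pkt] = entry
            self._by_tuple[pkt.reverse()] = entry
            return "NEW"
        if pkt == entry["orig"]:
            # original direction stays NEW until a reply has been seen
            return "ESTABLISHED" if entry["seen_reply"] else "NEW"
        entry["seen_reply"] = True          # matched the reply tuple
        return "ESTABLISHED"


class Firewall:
    """The usual desktop INPUT chain:
         -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
         -A INPUT -j REJECT
    plus optional time-limited holes for a local port (the mechanism the
    poster wants CUPS to request via PolicyKit)."""

    def __init__(self, ct: Conntrack) -> None:
        self.ct = ct
        self.holes: List[Tuple[int, float]] = []   # (local dport, expires_at)

    def open_port(self, dport: int, now: float, seconds: float) -> None:
        self.holes.append((dport, now + seconds))

    def output_verdict(self, pkt: Flow) -> str:
        self.ct.classify(pkt)      # OUTPUT is open, but the flow is still tracked
        return "ACCEPT"

    def input_verdict(self, pkt: Flow, now: float) -> str:
        if self.ct.classify(pkt) == "ESTABLISHED":
            return "ACCEPT"
        if any(d == pkt.dport and now < exp for d, exp in self.holes):
            return "ACCEPT"        # explicit temporary rule for the reply port
        return "REJECT"


def snmp_discovery(use_hole: bool, hole_seconds: float = 5.0,
                   reply_delay: float = 0.1) -> Dict[str, str]:
    """Replay the CUPS snmp backend's exchange: bind an unprivileged UDP
    port, broadcast one request, receive one unicast reply per printer.
    Returns the INPUT verdict for each printer's reply."""
    ct = Conntrack()
    fw = Firewall(ct)
    host, port = "192.168.1.5", 41000             # constructed local endpoint
    printers = ["192.168.1.20", "192.168.1.21"]   # constructed responders
    now = 0.0
    if use_hole:
        fw.open_port(port, now, hole_seconds)
    request = Flow("udp", host, port, BROADCAST, SNMP_PORT)
    assert fw.output_verdict(request) == "ACCEPT"
    # reply tuple on file is 255.255.255.255:161 -> host:port, so a reply from
    # any real printer address is a different tuple and classifies as NEW
    return {p: fw.input_verdict(Flow("udp", p, SNMP_PORT, host, port),
                                now + reply_delay)
            for p in printers}


def unicast_snmp_get() -> str:
    """Contrast case: a unicast request's reply matches the reply tuple."""
    ct = Conntrack()
    fw = Firewall(ct)
    request = Flow("udp", "192.168.1.5", 41001, "192.168.1.20", SNMP_PORT)
    fw.output_verdict(request)
    return fw.input_verdict(request.reverse(), 0.1)


if __name__ == "__main__":
    print("unicast reply:", unicast_snmp_get())
    print("broadcast, no hole:", snmp_discovery(use_hole=False))
    print("broadcast, 5s hole:", snmp_discovery(use_hole=True))
    print("broadcast, hole expired:", snmp_discovery(use_hole=True, reply_delay=10.0))
```

The point the model makes concrete: the kernel is not being obtuse, it is doing exact tuple matching, and a broadcast destination can never equal the unicast source of a reply. Any fix therefore has to come from outside the generic state machine: either a protocol-aware helper that registers an expectation for the replies, or the narrowly scoped, short-lived hole on the one local port the discovery process owns, which is what the thread is asking the firewall to offer. Note that the hole should be keyed to the exact local port and removed promptly; the `reply_delay=10.0` case shows a late reply being rejected once the window has closed.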