On Sat, Sep 01, 2007 at 12:05:00 -0500, Arthur Pemberton pemboa@gmail.com wrote:
On 9/1/07, Bruno Wolff III bruno@wolff.to wrote:
On Sat, Sep 01, 2007 at 14:07:17 +0200, Benny Amorsen benny+usenet@amorsen.dk wrote:
Administrators sometimes want to limit which traffic can reach applications, and perhaps limit the risk when accidentally starting applications. Automating firewall setup makes that useless.
That is probably the main reason. And having apps undo restrictions seems like a really, really bad idea.
So being able to easily disable this wouldn't be enough?
I don't think so. I thought making it easy for people to shoot themselves in the foot was the Microsoft way.
Plus I have no confidence that apps can properly rewrite iptables rules correctly. iptables setups can have complications which will make it hard to change them. I have used subroutines for checking reserved IP ranges and have had services configured to only be available to local IP addresses or specific interfaces.
This is something that would/should work only if you're using system-config-firewall.
And how is the code going to determine that?
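An added example (not from the thread, and not system-config-firewall code): a small Python audit of an `iptables-save` dump that flags the two complications mentioned above, user-defined chains called from INPUT and services restricted by interface or source address. The ruleset, the chain name `RESERVED`, and the function `audit` are constructed for illustration.

```python
import shlex

# Constructed iptables-save dump (not from the thread): a user-defined chain
# screens reserved source ranges, and ssh is limited to one interface/subnet.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RESERVED - [0:0]
-A INPUT -i eth0 -j RESERVED
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
-A RESERVED -s 10.0.0.0/8 -j DROP
-A RESERVED -s 172.16.0.0/12 -j DROP
COMMIT
"""

BUILTIN = {"INPUT", "FORWARD", "OUTPUT", "PREROUTING", "POSTROUTING"}

def audit(dump):
    """Return (kind, detail) findings that make a blind edit of INPUT unsafe."""
    user_chains, findings = set(), []
    for line in dump.splitlines():
        if line.startswith(":"):                      # chain declaration
            name = line[1:].split()[0]
            if name not in BUILTIN:
                user_chains.add(name)
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            # Map each option to the token that follows it (-i eth1, -j ACCEPT).
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            target = opts.get("-j") or opts.get("-g")
            if target in user_chains:
                # A rule inserted above this jump never reaches the chain's checks.
                findings.append(("user-chain", target))
            scope = [f"{k} {opts[k]}" for k in ("-i", "-s") if k in opts]
            if "--dport" in opts and scope:
                # A blanket ACCEPT for this port would widen who can reach it.
                findings.append(("scoped-service", f"{opts['--dport']} {' '.join(scope)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

An empty result means only that these two patterns were not found in INPUT; it does not show the ruleset is safe to modify automatically.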