On 12/06/2010 08:59 PM, Dennis Jacobfeuerborn wrote:
On 12/06/2010 08:53 PM, Bill Nottingham wrote:
> Phil Knirsch (pknirsch(a)redhat.com) said:
>> Basically it's a statefull firewall daemon now that allows us to support
>> and implement a lot of those features which have been so critically
>> missing in our old way of doing firewalls (aka static crap) and
>> basically impossible to do there. One example is libvirt and how it has
>> to change firewall rules dynamically depending on whether a guest is
>> started or shut down, and those rules should survive a restart of the
>> firewall (which currently they don't and can't). Roughly speaking
it's a
>> bit similar with the switch from our static initscripts for network
>> configuration to NetworkManager and how it deals with network interfaces
>> nowadays.
>
> Sounds good....
>
>> One thing is e.g notifications to users when some service/app requests
>> to open a port. First version won't have network zones yet, but he and
>> Dan Williams are working on that for the next generation which will then
>> basically allow it to let the user decide once for each
>> interface/connection what should happen with it and never be bothered
>> with it afterwards.
>
> ... but this seems absolutely wrong. The last thing we want is to be
> pestering the user with information they may not understand, and are not
> fully capable of acting on. Take the constant complaints about
> SETroubleshoot, or the constant mocking of Windows Vista's security popups,
> for example.
I agree that this is a problem but it would be nice if firewalld could
still keep track of this information and make it available on demand
(basically a log). Maybe the notification could be based on that and only
pop up if configured to do so by the users who care.
Regards,
Dennis
Aye, thats a good idea. And easily doable.
Thanks & regards, Phil
--
Philipp Knirsch | Tel.: +49-711-96437-470
Supervisor Core Services | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <pknirsch(a)redhat.com>
Hauptstaetterstr. 58 | Web:
http://www.redhat.com/
D-70178 Stuttgart, Germany
Motd: You're only jealous cos the little penguins are talking to me.