Am 01.08.2014 um 14:27 schrieb Nikos Mavrogiannopoulos:
I'm maintaining a VPN server in fedora and I'm wondering
whether
I'd need to integrate firewalld to that. After reading the information
in
https://fedoraproject.org/wiki/FirewallD I don't think I'm sure what
I'm supposed to do.
There are two issues:
1. Should my service turn on the firewall ports used by the server?
As far as I understand, in order for the service to work out of the box
I'd need to call firewall-cmd --port to enable the TCP and UDP ports
used by the server, possibly from the systemd unit file (are there any
hooks for that?)
please don't do that without asking the user
and *never* do that in the systemd-unit because
even if the user decides to close the port you
would open it again - that's a no-go
installing whatever service don't mean automatically
it is intended to be reachable on any interface and
that is independent of the type of service
nobody but the admin / user knows the intention of
a installed package and it is bad practice have to
close ports