Services & firewall configuration
Bill Nottingham
notting at redhat.com
Mon Aug 25 21:50:22 UTC 2003
Ian Pilcher (i.pilcher at comcast.net) said:
> Reading the discussion about Taroon, portmapper, ports, etc., reminded
> me of one of the shortcomings of Red Hat Linux (and all other
> distributions AFAIK).
>
> It seems to me that the fundamental problem is the lack of "linkage"
> (for lack of a better word) between service configuration and firewall
> configuration. In an ideal world, the network access required by a
> service would be easy to determine -- perhaps with chkconfig-like meta-
> data in the init script. The firewall configuration program could then
> be enhanced to prompt accordingly.
>
> Even better, to my mind, would be to actually combine the services and
> firewall configuration programs. Instead of a single checkbox for each
> service, each service would have a checkbox for each interface. The
> network configuration program should probably prompt the user to run the
> firewall configuration when an interface is added.
>
> Just some thoughts on future directions. Flame away!
As it currently stands, things like portmap don't need to tweak
the firewall config; they will work just fine with the firewall
(allow connections initiated from the host.)
Where you run into issues is if you *specifically* want to
expose a service, such as ssh, FTP, or HTTP.
Bill
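
Added example, not part of the original thread and not code from any Red Hat tool: a sketch of the "linkage" proposed in the quoted message, in which an init script header declares the network access a service needs and a configuration tool turns that into per-interface iptables rules. The `# netaccess:` tag, the function names and the sample headers are assumptions made for illustration; only the `# chkconfig:` line is an existing convention.

```python
import re

# Hypothetical tag, modelled on the existing "# chkconfig:" header line.
NETACCESS_RE = re.compile(r"^#[ \t]*netaccess:[ \t]*(.*)$", re.MULTILINE)
IFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")

def parse_netaccess(script_text):
    """Return sorted (proto, port) pairs declared in an init script header."""
    declared = set()
    for line in NETACCESS_RE.findall(script_text):
        for item in line.split():
            proto, _, port = item.partition("/")
            if proto not in ("tcp", "udp") or not port.isdigit():
                raise ValueError("bad netaccess entry: %r" % item)
            if not 1 <= int(port) <= 65535:
                raise ValueError("port out of range: %r" % item)
            declared.add((proto, int(port)))
    return sorted(declared)

def rules_for(script_text, exposed_on):
    """Build iptables arguments for each interface the admin ticked."""
    rules = []
    for iface in exposed_on:
        # Reject anything that is not a plain interface name before it
        # reaches a command line.
        if not IFACE_RE.match(iface):
            raise ValueError("bad interface name: %r" % iface)
        for proto, port in parse_netaccess(script_text):
            rules.append("-A INPUT -i %s -p %s --dport %d -m state --state NEW -j ACCEPT"
                         % (iface, proto, port))
    return rules

# Constructed sample headers for this example.
SSHD = """#!/bin/bash
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
# netaccess: tcp/22
"""
# A service that only initiates connections declares nothing and gets no rule.
OUTBOUND_ONLY = """#!/bin/bash
# chkconfig: - 58 74
# description: client that only makes outbound connections
"""

if __name__ == "__main__":
    for rule in rules_for(SSHD, ["eth0"]):
        print("iptables " + rule)
```

A service with no `# netaccess:` line yields an empty rule list, which matches the case in the reply where nothing in the firewall has to change.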