Services & firewall configuration

Bill Nottingham notting at redhat.com
Mon Aug 25 21:50:22 UTC 2003


Ian Pilcher (i.pilcher at comcast.net) said: 
> Reading the discussion about Taroon, portmapper, ports, etc., reminded
> me of one of the shortcomings of Red Hat Linux (and all other
> distributions AFAIK).
> 
> It seems to me that the fundamental problem is the lack of "linkage"
> (for lack of a better word) between service configuration and firewall
> configuration.  In an ideal world, the network access required by a
> service would be easy to determine -- perhaps with chkconfig-like meta-
> data in the init script.  The firewall configuration program could then
> be enhanced to prompt accordingly.
> 
> Even better, to my mind, would be to actually combine the services and
> firewall configuration programs.  Instead of a single checkbox for each
> service, each service would have a checkbox for each interface.  The
> network configuration program should probably prompt the user to run the
> firewall configuration when an interface is added.
> 
> Just some thoughts on future directions.  Flame away!

As it currently stands, things like portmap don't need to tweak
the firewall config; they will work just fine with the firewall
(allow connections initiated from the host.)

Where you run into issues is if you *specifically* want to
expose a service, such as ssh, FTP, or HTTP.

Bill




