Services automatically change firewall rules to open access to themselves.

Lennart Poettering mzerqung at 0pointer.de
Mon Aug 20 20:40:25 UTC 2007


On Mon, 20.08.07 15:19, David Hollis (dhollis at davehollis.com) wrote:

> 
> On Mon, 2007-08-20 at 12:33 -0500, Arthur Pemberton wrote:
> > > I run custom firewall rules.  If you can get this idea to play nicely with
> > > my custom script, and with Shorewall setups, and with s-c-securitylevel,
> > > go for it.  But I'm highly sceptical.  If installing squid blows up my
> > > custom firewall settings, I'm getting out my pitchfork. :)
> > >
> > 
> > Hence why I suggest doing this through s-c-securitylevel so that that
> > functionality can centrally be disabled
> 
> I think the ideal solution would be to use existing protocols (UPnP,
> NAT-PMP) to talk to a daemon (avahi-daemon for example) that is
> configured with basic policy settings (accept requests from this user,
> IP, interface, etc) and could also talk on DBUS for GUI prompt type
> stuff.  The daemon would have config options to specify what chains to
> alter, so that it can be made to work with other firewall scripts easily
> and obtrusively.   By using existing protocols, the exact same mechanism
> can work with home routers and such, and likely even SOHO
> 'firewalls'.

Actually someone has started to work on a NATPMP client and server for
inclusion in Avahi:

http://web.midg3t.net/blog/

He usually lurks as "tedp" on #avahi on freenode.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
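
Added example, not part of the original thread and not code from Avahi or any poster: a sketch of the policy check such a daemon could run on a NAT-PMP mapping request (wire format per RFC 6886) before touching any firewall chain. The policy structure, the function names and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Hypothetical daemon policy (constructed values): who may ask, and for what.
POLICY = {
    "allowed_sources": [ipaddress.ip_network("192.168.1.0/24")],
    "allowed_ports": {("tcp", 3128), ("udp", 5353)},
    "max_lifetime": 3600,  # seconds; longer leases are shortened
}

OPCODES = {1: "udp", 2: "tcp"}  # NAT-PMP mapping opcodes
SUCCESS, UNSUPP_VERSION, NOT_AUTHORIZED, UNSUPP_OPCODE = 0, 1, 2, 5

# Constructed sample: version 0, TCP, internal 3128, external 3128, 7200 s.
SAMPLE_REQUEST = bytes.fromhex("000200000c380c3800001c20")


def parse_request(data):
    """Parse a 12-byte NAT-PMP mapping request."""
    if len(data) != 12:
        raise ValueError("mapping request must be exactly 12 bytes")
    version, opcode, _reserved, internal, external, lifetime = struct.unpack(
        "!BBHHHI", data)
    return version, opcode, internal, external, lifetime


def decide(source_ip, data, policy=POLICY):
    """Return (result_code, granted_lifetime); anything not listed is refused."""
    version, opcode, internal, _external, lifetime = parse_request(data)
    if version != 0:
        return UNSUPP_VERSION, 0
    if opcode not in OPCODES:
        return UNSUPP_OPCODE, 0
    src = ipaddress.ip_address(source_ip)
    if not any(src in net for net in policy["allowed_sources"]):
        return NOT_AUTHORIZED, 0
    if (OPCODES[opcode], internal) not in policy["allowed_ports"]:
        return NOT_AUTHORIZED, 0
    # Cap the lease so a forgotten mapping expires on its own.
    return SUCCESS, min(lifetime, policy["max_lifetime"])


def build_response(opcode, result, epoch, internal, external, lifetime):
    """Build the 16-byte mapping response sent back to the requester."""
    return struct.pack("!BBHIHHI", 0, 128 + opcode, result, epoch,
                       internal, external, lifetime)
```

Only a `SUCCESS` result would lead to a rule being added to the configured chain; a refused request leaves the existing firewall setup untouched.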



