please deactivate services by default!

Glen Turner gdt at gdt.id.au
Sun Sep 28 12:20:41 UTC 2008


Stewart Adam wrote:

> I made a Feature page [1] for this a while back, but I didn't include
> ip6tables or setroubleshootd...

Please do not include ip6tables.

IPv6 will start anyway, at the very least with a link scope
address.  So all you are doing is deactivating the firewall
for IPv6.

You should either deactivate both iptables and ip6tables,
or if you feel that is too insecure (as the current
default configuration assumes), activate them both.

One of the issues with IPv6 deployment is the number
of corporate firewalls which filter IPv4 but silently
pass IPv6 unfiltered through the firewall once the
firewall is (perhaps automatically) configured with
an IPv6 address. Let's not add Fedora to that list of
troubled systems.


I know less about SELinux, but from a user interface
point of view SELinux's "did you see that?" audit-based
approach is far superior to Vista's UAC "put you on the
spot" approach.  Setroubleshootd is a key part of
delivering SELinux's user experience.

-- 
  Glen Turner   <http://www.gdt.id.au/~gdt/>
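
Added example, not part of the original message: a shell check for the condition described above, where the IPv4 firewall filters but the IPv6 one does not on a host that still holds an IPv6 address, even if only a link-scope one. The function names and sample data are constructed for illustration, and "filtering" is approximated as an INPUT DROP policy or any DROP/REJECT rule in the filter table.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.
# Input: iptables-save / ip6tables-save text and `ip -o -6 addr show` text.

# Succeeds if the filter table has an INPUT DROP policy or any DROP/REJECT rule.
has_filtering() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:INPUT DROP/ || /^-A .*-j (DROP|REJECT)/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if a non-loopback interface holds any IPv6 address (link scope counts).
has_ipv6_addr() {
    printf '%s\n' "$1" | awk '
        $2 != "lo" && $3 == "inet6" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# firewall_parity V4_RULES V6_RULES V6_ADDRS -> prints a one-word verdict
firewall_parity() {
    v4=no; v6=no
    has_filtering "$1" && v4=yes
    has_filtering "$2" && v6=yes
    if [ "$v4" = "$v6" ]; then
        echo consistent            # both filtering, or both deactivated
    elif [ "$v4" = yes ] && has_ipv6_addr "$3"; then
        echo ipv6-unfiltered       # IPv4 filtered, IPv6 reachable and open
    else
        echo mismatch              # states differ, no exposed IPv6 address seen
    fi
}

# Constructed sample data (not taken from any real host).
SAMPLE_V4='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
SAMPLE_V6_OFF='*filter
:INPUT ACCEPT [0:0]
COMMIT'
SAMPLE_ADDRS='1: lo    inet6 ::1/128 scope host
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link'

firewall_parity "$SAMPLE_V4" "$SAMPLE_V6_OFF" "$SAMPLE_ADDRS"  # ip6tables off
```

On a live host, run as root and pass `"$(iptables-save)"`, `"$(ip6tables-save)"` and `"$(ip -o -6 addr show)"` as the three arguments.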



