RFE: FireKit

Colin Walters walters at verbum.org
Fri Jul 24 15:52:52 UTC 2009


On Fri, Jul 24, 2009 at 11:39 AM, Adam Miller<maxamillion at gmail.com> wrote:
>
> Might we want to look at having "firewall profiles" such that
> different sets of rules can be applied based on environment?

I'm uncomfortable to tying the solution for "desktop sharing button
doesn't actually work unless you run system-config-firewall" to a
profiles system for controlling individual ports based on network.
Maybe the toggle under the hood is a profile and system-config-network
knows about profiles, but I'm strongly against a big list of port
numbers in the default UI flow.

> Also, is this planned to modify /etc/sysconfig/iptables and just
> restart the service or is the plan to take a FireStarter approach and
> be a substitute for /etc/sysconfig/iptables?

I think that if you ever run system-config-firewall, you're a system
administrator and that tool wins, and the desktop firewall toggle
should be disabled.  How exactly that's expressed in the config system
I don't know.




More information about the devel mailing list