iptables/firewall brainstorming
Jos Vos
jos at xos.nl
Sun Jun 14 20:07:49 UTC 2009
On Sun, Jun 14, 2009 at 12:30:41PM -0600, Kevin Fenzi wrote:
> I keep wondering if we couldn't come up with something
> like a /etc/iptables.d/ type setup somehow that would work for these
> cases.
>
> In the case of a package that does not need any configuration done and
> only needs a firewall rule to function, we could add a file in there to
> add its rule.
As long as it (a) will ONLY be taken into account when the firewall
config was created at install/firstboot time and (b) the
package-specific rules will ONLY be used when some variable in
/etc/sysconfig is set to "yes" (for example IPTABLES_PACKAGENAME="yes"
in /etc/sysconfig/iptables-packagename) and is set to "no" by default,
it MIGHT be acceptable.
In general, a package tweaking with firewalls sounds very scary...
--
-- Jos Vos <jos at xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
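
A sketch of the opt-in gate described in the message above, added here as an example and not taken from the thread or from any Fedora package. It assumes per-package drop-ins named /etc/iptables.d/<pkg>.rules, and a hypothetical marker file, iptables-generated, standing in for "the firewall config was created at install/firstboot time".

```shell
#!/bin/sh
# Added example, not from the thread. Paths are parameters so it can be run
# against a scratch tree; the marker file name is a hypothetical assumption.

# pkg_opted_in SYSCONFIG_DIR PKG
# Succeeds only if SYSCONFIG_DIR/iptables-PKG sets IPTABLES_<PKG> to yes.
# The file is parsed, never sourced, so it cannot run commands as root.
pkg_opted_in() {
    conf="$1/iptables-$2"
    [ -f "$conf" ] || return 1              # no file means the default, "no"
    var="IPTABLES_$(printf '%s' "$2" | tr 'a-z-' 'A-Z_')"
    val=$(sed -n "s/^$var=//p" "$conf" | tail -n 1)   # last assignment wins
    case "$val" in
        yes|'"yes"') return 0 ;;            # anything else fails closed
    esac
    return 1
}

# enabled_rule_files DROPIN_DIR SYSCONFIG_DIR
# Prints the path of every DROPIN_DIR/<pkg>.rules whose package is opted in.
enabled_rule_files() {
    dropin="$1"; sysconfig="$2"
    # Condition (a): hypothetical marker left by the install/firstboot tool.
    [ -f "$sysconfig/iptables-generated" ] || return 0
    for f in "$dropin"/*.rules; do
        [ -f "$f" ] || continue
        pkg=$(basename "$f" .rules)
        case "$pkg" in ''|*[!a-z0-9-]*) continue ;; esac   # strict names only
        if pkg_opted_in "$sysconfig" "$pkg"; then printf '%s\n' "$f"; fi
    done
}

# Constructed demo: two packages ship rules, only httpd has opted in.
demo=$(mktemp -d)
mkdir "$demo/iptables.d" "$demo/sysconfig"
: > "$demo/sysconfig/iptables-generated"
echo '-A INPUT -p tcp --dport 80 -j ACCEPT' > "$demo/iptables.d/httpd.rules"
echo '-A INPUT -p tcp --dport 25 -j ACCEPT' > "$demo/iptables.d/postfix.rules"
echo 'IPTABLES_HTTPD="yes"' > "$demo/sysconfig/iptables-httpd"
echo 'IPTABLES_POSTFIX="no"' > "$demo/sysconfig/iptables-postfix"
enabled_rule_files "$demo/iptables.d" "$demo/sysconfig"
rm -rf "$demo"
```

A sysconfig line carrying anything beyond the bare value, such as a trailing shell command, is treated as "no" because the value is compared as a string and never evaluated.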