Firewall

Richard W.M. Jones rjones at redhat.com
Mon Dec 6 19:40:37 UTC 2010


On Mon, Dec 06, 2010 at 11:15:37AM -0800, Jesse Keating wrote:
> On 12/06/2010 11:05 AM, Daniel P. Berrange wrote:
> > The other benefit would be if the user only intended the
> > service to be accessible to localhost, or a UNIX domain
> > socket but for some reason screwed up their service's
> > config & opened it to the world.
> > 
> 
> I could buy this if we actually alerted users to this, when in fact we
> /disable/ logging in the default firewall set, so your packets just
> magically disappear, leaving the user scratching their head as to why
> the hell things aren't working.

Yes, enabling logging of packets really helps to track down
firewall misconfiguration.

What we really lack is good visibility for n00bs.  Sure you can do
'netstat -anp' to show open ports and (if you're more of an expert
than me) look at iptables to see what's wrong, but having nice GUI
tools to display this information would be better.

(No, I'm not volunteering to write them ...)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
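
The following is an added example, not part of the message above or of any Fedora tool. It parses `netstat -anp` output and marks which listeners are bound to loopback only and which are open on every interface, the case raised earlier in the thread of a service meant for localhost being exposed to the world. The sample output is constructed, and the function names `listeners` and `exposed` are illustrative.

```python
import ipaddress

# Constructed sample of Linux `netstat -anp` output; not taken from a real host.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      987/cupsd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      2201/postgres
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED 3001/sshd: user
tcp6       0      0 :::80                   :::*                    LISTEN      1500/httpd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1100/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           800/dhclient
"""

def listeners(netstat_text):
    """Return (proto, host, port, program, scope) for each listening socket."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # headers, blank lines, UNIX-socket section
        proto, local, foreign = f[0], f[3], f[4]
        if proto.startswith("tcp"):
            if f[5] != "LISTEN":
                continue  # established or closing connection, not a listener
            program = " ".join(f[6:]) or "-"
        else:
            if not foreign.endswith(":*"):
                continue  # connected UDP socket
            program = " ".join(f[5:])  # UDP rows have no State column
        host, port = local.rsplit(":", 1)  # last colon, so "::1:25" splits correctly
        addr = ipaddress.ip_address(host)
        if addr.is_loopback:
            scope = "loopback"
        elif addr.is_unspecified:
            scope = "all-interfaces"  # 0.0.0.0 or ::
        else:
            scope = "one-interface"
        found.append((proto, host, int(port), program, scope))
    return found

def exposed(netstat_text):
    """Listeners reachable from off-host unless a firewall rule drops the traffic."""
    return [s for s in listeners(netstat_text) if s[4] != "loopback"]

if __name__ == "__main__":
    for proto, host, port, program, scope in listeners(SAMPLE):
        print(f"{proto:5} {host}:{port:<6} {program:16} {scope}")
```

On a live system the same functions can be fed the text of `netstat -anp` run as root, so the PID/Program column is populated.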

