Firewall

Phil Knirsch pknirsch at redhat.com
Mon Dec 6 20:02:37 UTC 2010


On 12/06/2010 08:59 PM, Dennis Jacobfeuerborn wrote:
> On 12/06/2010 08:53 PM, Bill Nottingham wrote:
>> Phil Knirsch (pknirsch at redhat.com) said:
>>> Basically it's a stateful firewall daemon now that allows us to support
>>> and implement a lot of those features which have been so critically
>>> missing in our old way of doing firewalls (aka static crap) and
>>> basically impossible to do there. One example is libvirt and how it has
>>> to change firewall rules dynamically depending on whether a guest is
>>> started or shut down, and those rules should survive a restart of the
>>> firewall (which currently they don't and can't). Roughly speaking it's a
>>> bit similar with the switch from our static initscripts for network
>>> configuration to NetworkManager and how it deals with network interfaces
>>> nowadays.
>>
>> Sounds good....
>>
>>> One thing is e.g. notifications to users when some service/app requests
>>> to open a port. First version won't have network zones yet, but he and
>>> Dan Williams are working on that for the next generation which will then
>>> basically allow it to let the user decide once for each
>>> interface/connection what should happen with it and never be bothered
>>> with it afterwards.
>>
>> ... but this seems absolutely wrong. The last thing we want is to be
>> pestering the user with information they may not understand, and are not
>> fully capable of acting on. Take the constant complaints about
>> SETroubleshoot, or the constant mocking of Windows Vista's security popups,
>> for example.
>
> I agree that this is a problem but it would be nice if firewalld could
> still keep track of this information and make it available on demand
> (basically a log). Maybe the notification could be based on that and only
> pop up if configured to do so by the users who care.
>
> Regards,
>     Dennis

Aye, that's a good idea. And easily doable.

Thanks & regards, Phil

-- 
Philipp Knirsch              | Tel.:  +49-711-96437-470
Supervisor Core Services     | Fax.:  +49-711-96437-111
Red Hat GmbH                 | Email: Phil Knirsch <pknirsch at redhat.com>
Hauptstaetterstr. 58         | Web:   http://www.redhat.com/
D-70178 Stuttgart, Germany
Motd:  You're only jealous cos the little penguins are talking to me.

