Firewall

Matthew Miller mattdm at mattdm.org
Tue Dec 7 16:18:52 UTC 2010


On Tue, Dec 07, 2010 at 09:50:22AM +0000, Tim Waugh wrote:
> If the CUPS snmp backend could say to "the firewall", "hey, please allow
> responses on this port I've got for the next few seconds" -- which can
> be controlled using PolicyKit -- then this network discovery would
> finally work.

Is there a compelling reason for this not to be:

- cups snmp backend says to "the firewall", "hey, please allow
  responses on this port I've got"
- cups snmp backend listens for responses until timeout
- cups snmp backend says to "the firewall", "hey, I'm done now. thanks!"

That seems more helpful than "a few seconds" anyway. And worst case is that
the snmp backend crashes or otherwise forgets to remove its rule, which
shouldn't be terribly severe since then it won't be listening, either. Some
other point in the cups startup/stop process could make sure any such
leftover rules are cleared just to be sure.

I have no problem with the mechanism for talking to the firewall being some
PolicyKit-enabled helper program. I just don't see a strong argument for it
being a daemon.



-- 
Matthew Miller <mattdm at mattdm.org>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences
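
The open / listen until timeout / close sequence proposed above, with the start/stop sweep for leftover rules, as an added example that is not part of the original post or of CUPS. It assumes "the firewall" is iptables; the comment tag and all function names are hypothetical, and the PolicyKit authorization step is not shown.

```python
import shlex
import socket
import subprocess
from contextlib import contextmanager

TAG = "cups-snmp-discovery"  # assumed comment marking rules this helper owns

def rule_args(port):
    """iptables match/target for UDP replies arriving on our local port."""
    return ["-p", "udp", "--dport", str(port),
            "-m", "comment", "--comment", TAG, "-j", "ACCEPT"]

def run_iptables(args):
    """Default runner; needs root, or swap in a PolicyKit-mediated helper."""
    return subprocess.run(["iptables", *args], check=True,
                          capture_output=True, text=True).stdout

@contextmanager
def temporary_allow(port, run=run_iptables):
    """Open the port for the duration of the block, then close it again."""
    run(["-I", "INPUT", *rule_args(port)])
    try:
        yield
    finally:  # runs on timeout, error, or normal exit (not on a hard crash)
        run(["-D", "INPUT", *rule_args(port)])

def sweep_leftovers(run=run_iptables):
    """At service start/stop: delete tagged rules a crashed run left behind."""
    removed = 0
    for line in run(["-S", "INPUT"]).splitlines():
        words = shlex.split(line)
        if words[:2] == ["-A", "INPUT"] and TAG in words:
            run(["-D", *words[1:]])  # same rule spec, -A turned into -D
            removed += 1
    return removed

def listen_for_replies(timeout=2.0, run=run_iptables):
    """Collect replies until none arrives for `timeout` seconds."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", 0))  # ephemeral port; the discovery query is sent from it
        sock.settimeout(timeout)
        with temporary_allow(sock.getsockname()[1], run):
            try:
                while True:
                    replies.append(sock.recvfrom(4096))
            except socket.timeout:
                pass
    return replies
```

Passing a different `run` callable lets the same logic drive another firewall front end or be exercised without root.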

