GSoC 2010 : Better iptables management

Tim Waugh twaugh at redhat.com
Fri Mar 12 16:19:07 UTC 2010


On Fri, 2010-03-12 at 10:49 +0530, Zubin Mithra wrote:
> My name is Zubin Mithra and I am aspiring to get into GSoC on behalf
> of Fedora. I wish to work on making a library for better iptables
> management. Details can be viewed in the proposal which I have
> attached along with the email.
> 
> I would love to hear your views on it.

Hi,

I think that a CLI/library based approach for this is not really
sufficient -- the main problem we currently have with iptables
management is that user applications need to be able to request that
certain rules are added, via PolicyKit.

The user experience ought to be something like: click 'share this
folder', dialog says "Oh, you need a firewall modification to allow that
to work, shall I go ahead and do it?".

We already have a mechanism for doing this, but the existing mechanism
is quite crude.

Take a look at the D-Bus service provided by system-config-firewall.
This is the correct approach.  I think it just needs making generally
better by having an interface that is a bit more "idiot proof", i.e.
some way to know whether the existing rules already do what the
application needs without having to have lots of internal knowledge of
system-config-firewall.

Tim.
*/
