"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Tue Dec 9 18:36:26 UTC 2014



Am 09.12.2014 um 19:33 schrieb Chuck Anderson:
> On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote:
>> But seriously, there's an implication in this thread that there will be
>> work happening to give stuff a path to ask for an open port.  Where can we
>> follow along with that effort? Starting with, say, how I might change
>> `nikola runserver` or `django-admin runserver` to ask for the port, and
>> ending with the resulting UI that asks me for approval?
>
> The functionality for a program to ask for an open port already
> exists.  It is called bind(2)

yes, but the problem is that you won't forbid a program to listen on a 
port even if it is designed to listen on 0.0.0.0 instead 127.0.0.1 *but* 
you want and need to restrict from where it is accessable

if you disallow the bind-call it fails

whenever i play around with a network-aware software the first step is 
test it#s behavior on localhost and later decide if i want to have it 
reachable over the netwok and over wich network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141209/a3d05278/attachment.sig>


More information about the devel mailing list