allowing programs to open ports

Reindl Harald h.reindl at
Mon Dec 22 09:18:32 UTC 2014

Am 22.12.2014 um 10:10 schrieb drago01:
> On Mon, Dec 22, 2014 at 9:26 AM, Björn Persson <Bjorn at rombobjö> wrote:
>> Stephen John Smoogen wrote:
>>> Uhm no. You seem to be wanting a fight over something, and I have no
>>> mood to engage. I hope you have a more pleasant holidays than what
>>> your tone indicates you are currently having.
>> The idea of making two calls to open a port seemed like a bad design to
>> me, so I proposed what seemed like a better design.
> FWIW we already have a mechanism to restricts which ports specific
> applications are allowed to open without using firewalld at all. Its
> called "SELinux" (only works for confined domains but server
> applications should run in one anyway)

that don't solve the "firewall open on ports greater than 1024" on 
workstations starting with F21 as long as you don't forbid *any* 
application without a SELinux context to open a non-privileged port

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list