Mailinglist Archive: opensuse-factory (808 mails)

[Ludwig Nussel <ludwig.nussel@xxxxxxx>]

Vincent Untz wrote:
> Le lundi 01 août 2011, à 14:03 +0200, Ludwig Nussel a écrit :
> > Vincent Untz wrote:
> > > I wonder: did anybody look at integrating firewalld (a firewall service
> > > daemon with D-BUS interface managing a dynamic firewall), or proposing a
> > > similar dbus API for what we have?
> >
> > Like this?
> > http://lizards.opensuse.org/2009/07/10/1453/
> > http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/
>
> I'm unsure if this covers the exact same use case; see below for an
> example of how firewalld is being used.
>
> > > I'm starting to see some applications making use of the dbus API,
> >
> > For what purpose?
> >
> > > and it does improve user experience to have that.
> >
> > What exactly?
>
> For instance, when configuring printers, the tool can open the mdns,
> ipp, ipp-client and samba-client ports for 5 minutes and probe the
> network (ports will get closed after the 5 minutes). And if the user
> chooses to use a printer using one of those ports, the tool will
> permanently open the port.

Well, I could implement something like that for SuSEfirwall2/fwzs
(using service definitions instead of ports though) but I'm not sure
it's good behavior anyways. Users are not supposed to punch holes in
the external zone just because they wanted to print once. That
would permanently expose cupsd after all. It would be better to
switch to a trusted zone that allows e.g. printing in the first
place instead.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 
16746 (AG Nürnberg) 
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx