Mailinglist Archive: opensuse (1332 mails)

[Rodney Baker <rodney.baker@xxxxxxxxxxxx>]

On Mon, 4 May 2009 04:54:29 Carlos E. R. wrote:
> On Sunday, 2009-05-03 at 08:05 -0700, Prasun Dhara wrote:
> > Hi,
>
> Your method of posting this email is called "kidnapping a thread".
> Please don't.
>
> >        In Suse we have a great tool like YAST to configure firewall but
> > the desktop users faces a problem when they try to run some program which
> > request to open a port are silently dropped by the firewall.. and they
> > need to see the log and then open the port manually and the execute the
> > program again... i believe there should be an interactive tool which will
> > handle this situation..
> >
> > For Example :If user executes a program(say xyz) which needs a open
> > port, firewall should prompt the user that xyz program wants to open
> > this port and ask for a approval (say user needs to enter super user
> > password) and firewall will automatically allow the request and open
> > the required port.
>
> That would be a security risk, so the answer would be "no". If you really
> trust a user to do that, you could trust that user with the root password.
> Or a sudo script.
>
> Can you give an example of a desktop app that need such a risky
> behaviour, in Linux? I can't think of any.

I think what he may be referring to is something like BitTorrent or other 
uPnP-capable apps. Many DSL-type routers these days support uPnP where BT can 
punch a hole in the firewall to allow sharing during the period when it is 
running - when the app closes the firewall should automatically shut off the 
port again.

Personally, I don't like the idea, but it is out there and it does work. I'm 
not sure though that openSuse firewall (or iptables generally) supports it 
though.

Cheers,
Rodney.

-- 
===================================================
Rodney Baker VK5ZTV
rodney.baker@xxxxxxxxxxxx
===================================================