2006/6/30, Pascal Bleser <pascal.bleser@skynet.be>:
Just a little idea I stumbled upon...
How about having a directory that allows dropping in files as part of packages (e.g. /etc/sysconfig/SuSEfirewall2.d/)?
Those files could include stuff like
- a detailed description of the ports that are relevant to the package
- parsable data for SuSEfirewall2, to be able to open (or close) ports based on that information
---8<--------------------------------------------
<susefirewall2-service id="xmpp">
  <summary>XMPP/Jabber</summary>
  <description>
    Open these ports to allow communication with an XMPP/Jabber server hosted in your network.
  </description>
  <ports>
    <port proto="udp" port="5222" />
    <port-range proto="tcp" range="5222-5223"/>
  </ports>
</susefirewall2-service>
---8<--------------------------------------------
(of course, it should be capable of being localized)
Those ports could then show up in "Allowed Services" and "Masquerading".
Currently, SuSEfirewall2 has a fixed set of "well-known" (not in a sense of /etc/services) ports it can put names on (HTTP, SSH, rsync). But those ports don't include a description, which could be really valuable for beginners.
Also, SuSEfirewall2 doesn't provide names for other ports that are not in that fixed set, e.g. for gnutella, jabber/xmpp, ... and you have to go through [Advanced...]
A system like above could be useful, to include port definitions for SuSEfirewall2 as part of RPM packages (e.g. jabberd).
Well, just an idea, off the top of my head. What do you guys think, would it be useful? feasible? Post/discuss on another list?

I agree on everything you say. SuSEfirewall2 and yast-interface to same could really benefit from this.
Johan
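
A sketch of how a consumer of the proposed drop-in files could validate them before any port is opened, added here as an example and not part of the thread or of SuSEfirewall2. The sample is the XML from the post with its final tag written as a closing tag; the function names, the tcp/udp restriction and the rendering into the "low:high" port-list style used by FW_SERVICES_EXT_TCP/UDP are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the service definition proposed in the post.
SAMPLE = """<susefirewall2-service id="xmpp">
  <summary>XMPP/Jabber</summary>
  <ports>
    <port proto="udp" port="5222" />
    <port-range proto="tcp" range="5222-5223"/>
  </ports>
</susefirewall2-service>"""

def _port(text):
    """Return text as an int port, rejecting anything outside 1..65535."""
    if not text or not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port: {text!r}")
    return int(text)

def parse_service(xml_text):
    """Parse one drop-in file into (service_id, summary, [(proto, low, high), ...])."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "susefirewall2-service" or not root.get("id"):
        raise ValueError("not a susefirewall2-service element with an id")
    rules = []
    for node in root.findall("./ports/*"):
        proto = node.get("proto")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        if node.tag == "port":
            low = high = _port(node.get("port"))
        elif node.tag == "port-range":
            first, sep, last = (node.get("range") or "").partition("-")
            low, high = _port(first), _port(last)
            if not sep or low > high:
                raise ValueError(f"invalid range: {node.get('range')!r}")
        else:
            raise ValueError(f"unexpected element: {node.tag}")
        rules.append((proto, low, high))
    return root.get("id"), (root.findtext("summary") or "").strip(), rules

def to_port_lists(rules):
    """Group rules per protocol as space-separated ports, ranges written low:high."""
    out = {}
    for proto, low, high in rules:
        out.setdefault(proto, []).append(str(low) if low == high else f"{low}:{high}")
    return {proto: " ".join(items) for proto, items in out.items()}
```

Rejecting a whole file on the first malformed entry keeps a broken or unexpected package definition from opening any port at all.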