On Friday 30 June 2006 01:41, Pascal Bleser wrote:
> Just a little idea I stumbled upon...
> How about having a directory that allows dropping in files as part of packages (e.g. /etc/sysconfig/SuSEfirewall2.d/).
Excellent ideas.
> Those ports could then show up in "Allowed Services" and "Masquerading".
> Currently, SuSEfirewall2 has a fixed set of "well-known" (not in a sense of /etc/services) ports it can put names on (HTTP, SSH, rsync). But those ports don't include a description, which could be really valuable for beginners.
I'd like to see this tied into the YaST runlevel display also. Adding maybe an "FW" column that would indicate that a service can be exposed externally to a network and should be in a firewall rule for best practices. Also serves as another check & balance area for auditing.
0=internal only, non-networked, no need to firewall
1=can be exposed externally to a network, recommend to firewall
2=designed to be exposed externally to a network, must be firewalled
3=external, firewall disabled
4=external, firewall enabled
5=internal, firewall disabled
6= you get the idea . . .
Provide some useful info for newbies to learn from and a refresher for the experts.
> Also, SuSEfirewall2 doesn't provide names for other ports that are not in that fixed set, e.g. for gnutella, jabber/xmpp, ... and you have to go through [Advanced...]
> A system like above could be useful, to include port definitions for SuSEfirewall2 as part of RPM packages (e.g. jabberd).
In the spec file have recommended/established port definitions for firewalling? Excellent idea. Even for FWBuilder and others...
> Well, just an idea, off the top of my head. What do you guys think, would it be useful? feasible? Post/discuss on another list?
One of the most needed enhancements to SUSE Linux, open or enterprise.
Thanks Pascal,
Stan