On Mon, 4 May 2009 04:54:29 Carlos E. R. wrote:
On Sunday, 2009-05-03 at 08:05 -0700, Prasun Dhara wrote:
Hi,
Your method of posting this email is called "kidnapping a thread". Please don't.
In Suse we have a great tool like YAST to configure the firewall, but desktop users face a problem when they try to run some program whose requests to open a port are silently dropped by the firewall, and they need to see the log and then open the port manually and then execute the program again. I believe there should be an interactive tool which will handle this situation.
For example: if a user executes a program (say xyz) which needs an open port, the firewall should prompt the user that the xyz program wants to open this port and ask for approval (say the user needs to enter the superuser password), and the firewall will automatically allow the request and open the required port.
That would be a security risk, so the answer would be "no". If you really trust a user to do that, you could trust that user with the root password. Or a sudo script.
Can you give an example of a desktop app that needs such risky behaviour, in Linux? I can't think of any.
I think what he may be referring to is something like BitTorrent or other UPnP-capable apps. Many DSL-type routers these days support UPnP where BT can punch a hole in the firewall to allow sharing during the period when it is running - when the app closes the firewall should automatically shut off the port again.

Personally, I don't like the idea, but it is out there and it does work. I'm not sure though that openSUSE firewall (or iptables generally) supports it though.

Cheers,
Rodney.
--
===================================================
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
===================================================