On Wed, 06 May 2009 21:40:49 +0200, Carlos E. R. wrote:
For one thing, you assert that one Linux app can never know what port another has opened (correct me if I've misread this). Try "lsof -i" on your system sometime.
Yes, that's possible.
But the packets are not linked to apps, the firewall doesn't know which app a packet comes from (unless the packet is previously "marked"). Plus, the SuSEfirewall2 does not block outgoing packets, meaning that an application can freely send packets outside, even binding to a port for incoming packets.
The SUSE Firewall is based on iptables, isn't it? Having played with tor and tork a little bit, the "failsafe mode" intercepts all traffic (TCP at least) and filters it through tor to be routed to the tor network. That means that this would theoretically be possible using the SUSE firewall.
What the firewall will not be able to determine is that an incoming packet from the outside is in fact meant for that application. It can be assumed, but not known, as it comes from outside.
Thus the popup message given in Windows is not possible here, the firewall works very differently.
If I were to respond to this comment in a hyperbolic sense, I'd say that the logical conclusion is that Linux is not as advanced as Windows. ;-) Of course you and I both know that's not the case. To say that something that's done on Windows simply isn't possible on Linux really stretches the truth. With Linux, where there's a will, there's generally a way.

To respond in a non-hyperbolic way, I'd point out that ZA doesn't use the Windows firewall either. It provides its own.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits