On Tue, 2009-05-05 at 10:06 -0500, L. V. Lammert wrote:
At 04:59 PM 5/5/2009 +0200, Frans de Boer wrote:
So, your question is clear, but I can't answer it at the moment. I never tried it, but maybe AppArmor can? Maybe someone else has a suggestion?
Frans.
AppArmor is designed for servers, however OpenSuSE's built-in firewall works *almost* like the OP's requirements, the difference being the user is required to know in advance to open the port. A few mouse clicks, and it's done.
The fallacy with the OP's argument about 'popping up a dialog box to allow that application' is that all Windoze users are conditioned to hit that OK button for EVERYTHING, so a confirmation dialog just as bad as no security at all.
Lee
I agree with Lee that it's bad security practice, however, the solution requiring you to know the ports to be used in advance is also not working. Normal customers don't know how to, so just open everything. More skilled users can not always find the required port numbers to open and revert to the practice described before. The best of both is then to use the PF with pop-up windows approach for basic customers and allow legacy behavior for more skilled users. Frans. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org