Re: Services automaticly change firewall rules to open access to themselfs.

[Steve Grubb <sgrubb redhat com>]

On Saturday 01 September 2007 03:34:29 Benny Amorsen wrote:
> >> Basically, what this means is, "don't allow incoming traffic except
> >> where root says it's ok", which might sometimes be what you want to
> >> achieve.
>
> AP> By the way, I still think that tis is a good idea.
>
> It would be nicer if the bind() failed in the application. 

We now have rsyslog in the distribution. It should be simple to create a 
configuration command that greps for iptables events and notifies the user in 
realtime kind of the way that setroubleshoot does. As a matter of fact, what 
might be even more useful is a command that watches for disk drive errors and 
tells the user that its starting to see the hard drive fail.

But from a security point of view, I don't think its a good idea for apps to 
be able to punch a hole in the firewall.

-Steve