[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Services automaticly change firewall rules to open access to themselfs.

On Sat, Sep 01, 2007 at 14:07:17 +0200,
  Benny Amorsen <benny+usenet amorsen dk> wrote:
> Administrators sometimes want to limit which traffic can reach
> applications, and perhaps limit the risk when accidentally starting
> applications. Automating firewall setup makes that useless.

That is probably the main reason. And having apps undo restrictions seems
like a really really bad idea. 

Plus I have no confidence that apps can properly rewrite iptables rules
correctly. iptables setups can have complications which will make it
hard to change them. I have used subroutines for checking reserved ip
ranges and have had services configured to only be available to local
ip addresses or specific interfaces.

I think the idea of having some way to help people who want a service
available to the internet at large or some local ip addresses is a good
idea, but it needs to be an add on step that can be skipped, not some
invisible change behind the scenes.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]