You might create a rule for the target in question which logs when it matchs and obey the logfile for this entry and adjust the rule if found . Time based revert the ruleset or select an other target which is visited (and also logged) for turning the access off.
Am 6. März 2015 10:26:08 MEZ, schrieb Erich Titl <erich.t...@think.ch>: >Hi Juergen > >Am 06.03.2015 um 07:18 schrieb j...@tux-net.de: >> Why should the access to these update servers be enabled dynamically? > >I could enable that access statically, but that would mean I have to >adapt the firewall policies to a peripheral functionality. As I want to >add this functionality to the mainstream, I don't want to force users >to >adapt the firewall policy. > > What is the security policy behind it? > >Access to the outside services from the firewall itself is limited to a >small set of functions. I _believe_ this is the standard. > >Are the clients i.e mobile devices? >> Either you trust the targed or you do not. > >Right, this is not the problem, I must trust the target. We may use >signed containers to enhance this trust. > >Do you want to control the traffic? Or do you want to be sure that >the all clients get the same software version at a given time? > >Both is not as relevant, the problem is just that the firewall may not >have access at a given time, because the policy is set this way. > >cheers >ET > > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Dive into the World of Parallel Programming The Go Parallel Website, >sponsored >by Intel and developed in partnership with Slashdot Media, is your hub >for all >things parallel software development, from weekly thought leadership >blogs to >news, videos, case studies, tutorials and more. Take a look and join >the >conversation now. http://goparallel.sourceforge.net/ > >------------------------------------------------------------------------ > >------------------------------------------------------------------------ >leaf-user mailing list: leaf-user@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/leaf-user >Support Request -- http://leaf-project.org/ -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
