On Friday 30 June 2006 01:41, Pascal Bleser wrote:
> Just a little idea I stumbled upon...
>
> How about having a directory that allows dropping in files as part of
> packages (e.g. /etc/sysconfig/SuSEfirewall2.d/).

Excellent ideas.

> Those ports could then show up in "Allowed Services" and "Masquerading".
>
> Currently, SuSEfirewall2 has a fixed set of "well-known" (not in a sense
> of /etc/services) ports it can put names on (HTTP, SSH, rsync).
> But those ports don't include a description, that could be really
> valuable for beginners.

I'd like to see this tied into the YaST runlevel display also. Adding maybe an "FW" column that would indicate that a service can be exposed externally to a network and should be in a firewall rule for best practices. Also serves as another check & balance area for auditing.

0=internal only, non-networked, no need to firewall
1=can be exposed externally to a network, recommend to firewall
2=designed to be exposed externally to a network, must be firewalled
3=external, firewall disabled
4=external, firewall enabled
5=internal, firewall disabled
6= you get the idea . . .

Provide some useful info for newbies to learn from and a refresher for the experts.

> Also, SuSEfirewall2 doesn't provide names for other ports, that are not
> in that fixed set, e.g. for gnutella, jabber/xmpp, ... and you have to
> go through [Advanced...]
>
> A system like above could be useful, to include port definitions for
> SuSEfirewall2 as part of RPM packages (e.g. jabberd).

In the spec file have recommended/established port definitions for firewalling? Excellent idea. Even for FWBuilder and others...

> Well, just an idea, off the top of my head.
> What do you guys think, would it be useful ? feasible ?
> Post/discuss on another list ?

One of the most needed enhancements to SUSE Linux, open or enterprise.

Thanks Pascal,
Stan
