Hi, anonym wrote (17 Apr 2012 12:12:24 GMT) : > I've implemented this (and changed some necessary application > configurations) in feature/firewall_lockdown.
Why allow access to system DNS from the htp user? Is this user used for anything else than running wget? Why allow access to system DNS from the proxy user? I think every such exception must be clearly explained by a short sentence that we'll put in the design doc. Perhaps write it directly in the design doc, in the topic branch the feature lives in? Also, I like being able to manually send arbitrary DNS requests to ttdnsd. The current rules in this branch force me to ask pdnsd instead, and get the (useful for application use, but incomplete for more elaborate uses) result from Tor DNS for the request types it supports. > The iptables rules will certainly look more beautiful with ferm. Sure. The rules as implemented are not that ugly, though, so I suggest we finish and merge the firewall lockdown feature first, before tackling the move to ferm, that's arguably much lower priority. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
