Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe...
But apps opening pinholes? Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm). And I think that we'd all laugh at unpriveleged apps messing with the rules. I just thought I'd share my amusement at this announcement. *** NOTE *** Please DO NOT CC me. I <am> subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.