[opensuse-factory] Idea for SuSEfirewall2

Thu, 29 Jun 2006 23:41:38 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a little idea I stumbled upon...

How about having a directory that allows dropping in files as part of
packages (e.g. /etc/sysconfig/SuSEfirewall2.d/).

Those files could include stuff like
- - a detailed description of the ports that are relevant to the package
- - parsable data for SuSEfirewall2, to be able to open (or close) ports
based on that information
- ---8<--------------------------------------------
<susefirewall2-service id="xmpp">
  <summary>XMPP/Jabber</summary>
  <description>
    Open these ports to allow communication with an
    XMPP/Jabber server hosted in your network.
  </description>
  <ports>
    <port proto="udp" port="5222" />
    <port-range proto="tcp" range="5222-5223"/>
  </ports>
<susefirewall2-service>
- ---8<--------------------------------------------
(of course, it should be capable of being localized)

Those ports could then show up in "Allowed Services" and "Masquerading".

Currently, SuSEfirewall2 has a fixed set of "well-known" (not in a sense
of /etc/services) ports it can put names on (HTTP, SSH, rsync).
But those ports don't include a description, that could be really
valuable for beginners.

Also, SuSEfirewall2 doesn't provide names for other ports, that are not
in that fixed set, e.g. for gnutella, jabber/xmpp, ... and you have to
go through [Advanced...]

A system like above could be useful, to include port definitions for
SuSEfirewall2 as part of RPM packages (e.g. jabberd).

Well, just an idea, off the top of my head.
What do you guys think, would it be useful ? feasible ?
Post/discuss on another list ?

cheers
- --
  -o) Pascal Bleser     http://linux01.gwdg.de/~pbleser/
  /\\ <[EMAIL PROTECTED]>       <[EMAIL PROTECTED]>
 _\_v The more things change, the more they stay insane.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEpMeKr3NMWliFcXcRAuKDAJ9BLw5rhYnyuThfMVNaq9rus2Y5xwCgjp6I
kVZmPXpltue+du3rGYGKnfA=
=jqFo
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to