Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Wed, Jan 05, 2011 at 03:22:15PM -0500, Chuck Anderson wrote: > On Wed, Jan 05, 2011 at 01:29:51PM +, Daniel P. Berrange wrote: > > -p 0x8035 -j I-vnet0-rarp > > Who still uses RARP? libvirt doesn't really care what protocols guest VMs use on their network. We're simply providing a mechanism to protect against VM attempting to spoof traffic from other VMs. We have demonstration filters that do this for many protocols, including RARP, that an admin can activate as required for their network Daniel -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Wed, Jan 05, 2011 at 01:29:51PM +, Daniel P. Berrange wrote: > -p 0x8035 -j I-vnet0-rarp Who still uses RARP? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Thu, Dec 23, 2010 at 05:03:56PM +0100, Thomas Woerner wrote: > Hello, > > as discussed some time ago, I worked on the proof of concept > implementation of firewalld. FirewallD is a service daemon with a D-BUS > interface that provides a dynamic managed firewall. > > For more information on firewalld, please have a look at: > https://fedoraproject.org/wiki/FirewallD/ > > About this version: > > This is mostly the proof of concept implementation with some changes and > is feature complete for F-15 as a firewalld preview version. It will not > be enabled per default and will also not get installed per default. The > system-config-firewall with static firewall model will still be the > default firewall solution for Fedora 15. > > What this firewalld version can do: > > - It supports most of the firewall features system-config-firewall had, >but there are three limitations: > >1) custom firewall rule files (iptables save format) are not > supported and most likely will never be, but there is support for > custom rules (limited functionality). > >2) sysctl changes for ip_forward are not done, yet. > >3) There are no permanent firewall settings, this means that all > settings are lost after a service restart or reboot. Permanent > firewall settings will be added later on. Lack of persistence across reboots isn't a problem for libvirt needs, but we would expect even non-persistent rules to survive a restart of the firewalld process. Currently everything is torn down when firewalld stops, so if you need todo a 'service firewalld restart' in an RPM postscript during RPM upgrades, then you will interrupt traffic to/from guests, or temporarily open security holes in the network filtering of guests. Thus, the teardown and setup of firewall rules must be decoupled from the firewalld process startup/shutdown lifecycle, to allow restarts of firewalld without causing a security weakness/service interruption. > - There is an rule and chain interface for libvirt, but the PolicyKit >policy is not in place, yet. Looking at the dbus API this appears to let me add/remove/query rules in the INPUT_libvirt, OUTPUT_libvirt FORWARD_libvirt chains, but AFAICT it doesn't yet provide any way to create additional chains. eg, the setup we need for libvirt has chains linked quite a few levels deep. Chain: PREROUTING_libvirt -i vnet0 -j libvirt-I-vnet0 -i vnet1 -j libvirt-I-vnet1 -i vnet2 -j libvirt-I-vnet2 ... Chain: libvirt-I-vnet0 -p IPv4 -j I-vnet0-ipv4 -p ARP -j I-vnet0-arp -p 0x8035 -j I-vnet0-rarp -p 0x835 -j ACCEPT -j DROP Chain: I-vnet0-ipv4 Chain: I-vnet0-arp Chain: I-vnet0-rarp And so on for vnet1, vnet2, and more Also, the naming of the extra chains needs to be completely controlled by libvirt with no extra prefix added by firewalld. This is because the iptables kernel chain name length limit is very short and thus we need to use every byte available :-( Regards, Daniel -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Thu, 2010-12-23 at 17:03 +0100, Thomas Woerner wrote: > Hello, > > as discussed some time ago, I worked on the proof of concept > implementation of firewalld. FirewallD is a service daemon with a D-BUS > interface that provides a dynamic managed firewall. > > For more information on firewalld, please have a look at: > https://fedoraproject.org/wiki/FirewallD/ > (dropping CCs) I can't comment much on firewalls per se, but I just wanted to say that it's exciting to see a plan on the Fedora wiki that covers Fedora 15, 16, 17 and 18. I don't think we do enough long-term planning, and I found it refreshing to see this kind of thing. Just my 2c; good luck! Dave -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 01/02/2011 11:56 AM, Dennis Jacobfeuerborn wrote: >> I switched to iptables-restore and got 2 orders of magnitude speedup >> (yes that is indeed over 100 times faster!!) - something to consider. > > I think iptables-restore uses libiptc to manipulate the rules. The problem > is that according to the netfilter FAQ libiptc isn't officially supported > but I asked about that on the mailing list. I've always wondered how to > properly manipulate iptables rules from say C/C++ (or any "not shell" Perhaps - but iptables-restore and iptables-save are what fedora use when you run service iptables save / (re)start - so I assume that is supported. The format is very straightforward, differing only in a minor way from the line by line iptables command - the idea is that there is a single user-to-kernel space rather than 1 per line. Anyway, I use simple scripting to create the file in correct format - in fact it is identical to the format you get by running service iptables-save .. for obvious reasons :-) I just skip the 1 line per rule entry followed by a service iptables save and instead - i just write it in save format and reload. This should work as long as service iptables save/start work. gene/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 01/02/2011 04:57 PM, Genes MailLists wrote: > On 01/02/2011 06:16 AM, Thomas Woerner wrote: >> On 12/27/2010 08:42 PM, Casey Dahlin wrote: > Can I ask a stupid question? Does dbus have the kind of performance necessary to support this type of application? >>> >>> What kind of performance do you think is necessary? Its just a >>> configuration interface, its not like its pushing all your packets >>> through dbus or asking the bus every time it needs to make a routing >>> decision (or did I miss something? I'd certainly hope not). >>> >>> --CJD >> >> There will be an optional firewall mode, where you can define firewall >> features, the user will be asked about, but this will be limited to new >> connection attempts and not all packets in an established connection. >> > >I have no idea how you're implenting this - but if you're using > iptables to change the rules the performance can be truly awful when you > have more than a few rules. (I have a lot of rules on our primary border > firewall). > > I switched to iptables-restore and got 2 orders of magnitude speedup > (yes that is indeed over 100 times faster!!) - something to consider. I think iptables-restore uses libiptc to manipulate the rules. The problem is that according to the netfilter FAQ libiptc isn't officially supported but I asked about that on the mailing list. I've always wondered how to properly manipulate iptables rules from say C/C++ (or any "not shell" language) in a safe manner. Regards, Dennis -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 01/02/2011 06:16 AM, Thomas Woerner wrote: > On 12/27/2010 08:42 PM, Casey Dahlin wrote: >>> Can I ask a stupid question? Does dbus have the kind of performance >>> necessary to support this type of application? >>> >> >> What kind of performance do you think is necessary? Its just a >> configuration interface, its not like its pushing all your packets >> through dbus or asking the bus every time it needs to make a routing >> decision (or did I miss something? I'd certainly hope not). >> >> --CJD > > There will be an optional firewall mode, where you can define firewall > features, the user will be asked about, but this will be limited to new > connection attempts and not all packets in an established connection. > I have no idea how you're implenting this - but if you're using iptables to change the rules the performance can be truly awful when you have more than a few rules. (I have a lot of rules on our primary border firewall). I switched to iptables-restore and got 2 orders of magnitude speedup (yes that is indeed over 100 times faster!!) - something to consider. gene/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 12/27/2010 08:42 PM, Casey Dahlin wrote: > On Mon, Dec 27, 2010 at 08:06:05PM +0100, nodata wrote: >> >> Hi, >> >> First of all thanks for making this work on the command line first and >> gui second. >> >> Can I ask a stupid question? Does dbus have the kind of performance >> necessary to support this type of application? >> > > What kind of performance do you think is necessary? Its just a > configuration interface, its not like its pushing all your packets > through dbus or asking the bus every time it needs to make a routing > decision (or did I miss something? I'd certainly hope not). > > --CJD There will be an optional firewall mode, where you can define firewall features, the user will be asked about, but this will be limited to new connection attempts and not all packets in an established connection. Thanks, Thomas -- Thomas Woerner Software EngineerPhone: +49-711-96437-310 Red Hat GmbH Fax : +49-711-96437-111 Hauptstaetterstr. 58 Email: Thomas Woerner D-70178 StuttgartWeb : http://www.redhat.de/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 12/27/2010 08:06 PM, nodata wrote: > On 23/12/10 17:03, Thomas Woerner wrote: >> Hello, >> >> as discussed some time ago, I worked on the proof of concept >> implementation of firewalld. FirewallD is a service daemon with a D-BUS >> interface that provides a dynamic managed firewall. >> >> For more information on firewalld, please have a look at: >> https://fedoraproject.org/wiki/FirewallD/ >> >> About this version: >> >> This is mostly the proof of concept implementation with some changes and >> is feature complete for F-15 as a firewalld preview version. It will not >> be enabled per default and will also not get installed per default. The >> system-config-firewall with static firewall model will still be the >> default firewall solution for Fedora 15. >> >> What this firewalld version can do: >> >> - It supports most of the firewall features system-config-firewall had, >> but there are three limitations: >> >> 1) custom firewall rule files (iptables save format) are not >> supported and most likely will never be, but there is support for >> custom rules (limited functionality). >> >> 2) sysctl changes for ip_forward are not done, yet. >> >> 3) There are no permanent firewall settings, this means that all >> settings are lost after a service restart or reboot. Permanent >> firewall settings will be added later on. >> >> - The firewall daemon manages the firewall dynamically. This means that >> changes are done without recreating the whole firewall. Also there is >> no need to reload all firewall modules anymore. Firewall helpers are >> loaded and unloaded if needed. >> >> - A simple tray applet (firewall-applet) shows the status of the public >> firewall and is makes it simple to enable and disable firewall >> services. The applet does not show firewall configuration settings >> done with the libvirt interface. >> >> - firewall-cmd is the command line client that makes it possible to >> enable, disable, query and list firewall features. firewall-cmd is >> also not able to show firewall settings of the libvirt interface. >> >> - There is an rule and chain interface for libvirt, but the PolicyKit >> policy is not in place, yet. >> >> What this version can not do (future features): >> >> - firewall-config, the firewall configuration utility, is not functional >> - System vs. User/Session configuration >> - Zone support >> - NetworkManager firewall rule support >> >> >> firewalld made it into a fedorahosted repo at: >> >> git://git.fedorahosted.org/git/firewalld.git >> >> The fedoraproject wiki page at >> https://fedoraproject.org/wiki/FirewallD/ >> exists and will get more updates soon. The feature request page for >> Fedora 15 is also up to date: >> https://fedoraproject.org/wiki/Features/DynamicFirewall#How_To_Test >> >> For test packages, please have a look at >> http://twoerner.fedorapeople.org/firewalld/ >> >> firewalld has a requirement for system-config-firewall-1.2.28. This >> version has checks for an active firewalld in the tools. >> >> Please have a look at >> http://koji.fedoraproject.org/koji/buildinfo?buildID=211013 >> for the Fedora 15 packages of this version. It is usable on fedora >> versions< 15. >> >> How To Test >> - Install firewalld and firewall-applet >> - Start the firewalld service >> - Start the tray applet firewall-applet >> - Use firewall-cmd to enable for example ssh: >> firewall-cmd --enable --service=ssh >> - Enable samba for 10 seconds: >> firewall-cmd --enable --service=samba --timeout=10 >> - Enable ipp-client: >> firewall-cmd --enable --service=ipp-client >> - Disable ipp-client: >> firewall-cmd --disable --service=ipp-client >> - To restore your static firewall with lokkit again simply use: >> lokkit --enabled >> >> You can also use the D-BUS interface directly. This is required for >> libvirt (and later on also NetworkManager). The D-BUS interface >> documentation is work in progress and will be added later on. >> >> >> >> Comments and additional information is highly welcome. >> >> Thanks in advance, >> Thomas >> > > Hi, > > First of all thanks for making this work on the command line first and > gui second. > > Can I ask a stupid question? Does dbus have the kind of performance > necessary to support this type of application? > > Thanks. I have done tests here and the performance of D-BUS is good. The biggest amount of time was used to add or remove rules or to load or unload netfilter kernel helpers. D-BUS is used to submit requests to the firewalld. If there are too many requests that they can not be handled by D-BUS in a reasonable time, then this could be bad usage of firewalld. Firewall changes should not happen all day long. Thanks, Thomas -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 27/12/10 20:42, Casey Dahlin wrote: > On Mon, Dec 27, 2010 at 08:06:05PM +0100, nodata wrote: >> >> Hi, >> >> First of all thanks for making this work on the command line first and >> gui second. >> >> Can I ask a stupid question? Does dbus have the kind of performance >> necessary to support this type of application? >> > > What kind of performance do you think is necessary? Its just a > configuration interface, its not like its pushing all your packets > through dbus or asking the bus every time it needs to make a routing > decision (or did I miss something? I'd certainly hope not). > > --CJD Sorry I thought the decision was dynamic. My mistake. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Mon, Dec 27, 2010 at 08:06:05PM +0100, nodata wrote: > > Hi, > > First of all thanks for making this work on the command line first and > gui second. > > Can I ask a stupid question? Does dbus have the kind of performance > necessary to support this type of application? > What kind of performance do you think is necessary? Its just a configuration interface, its not like its pushing all your packets through dbus or asking the bus every time it needs to make a routing decision (or did I miss something? I'd certainly hope not). --CJD -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 23/12/10 17:03, Thomas Woerner wrote: > Hello, > > as discussed some time ago, I worked on the proof of concept > implementation of firewalld. FirewallD is a service daemon with a D-BUS > interface that provides a dynamic managed firewall. > > For more information on firewalld, please have a look at: > https://fedoraproject.org/wiki/FirewallD/ > > About this version: > > This is mostly the proof of concept implementation with some changes and > is feature complete for F-15 as a firewalld preview version. It will not > be enabled per default and will also not get installed per default. The > system-config-firewall with static firewall model will still be the > default firewall solution for Fedora 15. > > What this firewalld version can do: > > - It supports most of the firewall features system-config-firewall had, > but there are three limitations: > > 1) custom firewall rule files (iptables save format) are not >supported and most likely will never be, but there is support for >custom rules (limited functionality). > > 2) sysctl changes for ip_forward are not done, yet. > > 3) There are no permanent firewall settings, this means that all >settings are lost after a service restart or reboot. Permanent >firewall settings will be added later on. > > - The firewall daemon manages the firewall dynamically. This means that > changes are done without recreating the whole firewall. Also there is > no need to reload all firewall modules anymore. Firewall helpers are > loaded and unloaded if needed. > > - A simple tray applet (firewall-applet) shows the status of the public > firewall and is makes it simple to enable and disable firewall > services. The applet does not show firewall configuration settings > done with the libvirt interface. > > - firewall-cmd is the command line client that makes it possible to > enable, disable, query and list firewall features. firewall-cmd is > also not able to show firewall settings of the libvirt interface. > > - There is an rule and chain interface for libvirt, but the PolicyKit > policy is not in place, yet. > > What this version can not do (future features): > > - firewall-config, the firewall configuration utility, is not functional > - System vs. User/Session configuration > - Zone support > - NetworkManager firewall rule support > > > firewalld made it into a fedorahosted repo at: > > git://git.fedorahosted.org/git/firewalld.git > > The fedoraproject wiki page at > https://fedoraproject.org/wiki/FirewallD/ > exists and will get more updates soon. The feature request page for > Fedora 15 is also up to date: > https://fedoraproject.org/wiki/Features/DynamicFirewall#How_To_Test > > For test packages, please have a look at > http://twoerner.fedorapeople.org/firewalld/ > > firewalld has a requirement for system-config-firewall-1.2.28. This > version has checks for an active firewalld in the tools. > > Please have a look at > http://koji.fedoraproject.org/koji/buildinfo?buildID=211013 > for the Fedora 15 packages of this version. It is usable on fedora > versions< 15. > > How To Test > - Install firewalld and firewall-applet > - Start the firewalld service > - Start the tray applet firewall-applet > - Use firewall-cmd to enable for example ssh: > firewall-cmd --enable --service=ssh > - Enable samba for 10 seconds: > firewall-cmd --enable --service=samba --timeout=10 > - Enable ipp-client: > firewall-cmd --enable --service=ipp-client > - Disable ipp-client: > firewall-cmd --disable --service=ipp-client > - To restore your static firewall with lokkit again simply use: > lokkit --enabled > > You can also use the D-BUS interface directly. This is required for > libvirt (and later on also NetworkManager). The D-BUS interface > documentation is work in progress and will be added later on. > > > > Comments and additional information is highly welcome. > > Thanks in advance, > Thomas > Hi, First of all thanks for making this work on the command line first and gui second. Can I ask a stupid question? Does dbus have the kind of performance necessary to support this type of application? Thanks. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
The project design (code and interface) seems to be very influenced by NetworkManager, but both code and design wise that project has flaws that Dan and others have spent a lot of time undoing. I don't want to see the same mistakes made 5 years later =) >From a UI side, if your first cut is just replacing system-config-firewall, that seems more than enough, no? How the firewall controls/design integrates with GNOME 3 networking would need someone with actual experience design, but I am just trying to avoid a regression here with yet another part of the OS taking up 22 pixels of screen space permanently. You can use the notification system for transient issues, but I'm *very* skeptical of anything here that isn't just on/off. >From the code side, I think the NM "session" configuration basically hasn't worked; the new NM code will be all system settings. In particular how it works with fast user switching is pretty suboptimal. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
Am Montag, den 27.12.2010, 14:42 +0100 schrieb Thomas Woerner: > On 12/24/2010 11:45 PM, Colin Walters wrote: > > On Thu, Dec 23, 2010 at 11:03 AM, Thomas Woerner > > wrote: > >> > >> - A simple tray applet (firewall-applet) > > > > Actively deprecated; please consider other interfaces. In this case, > > I think a control panel module is just fine. > > Is there an interface to use control panel modules with other desktop > environments and also window managers? > > An applet for a component like a firewall should be usable with more > than one desktop environment. No matter what GNOME will do KDE, Xfce, LXDE, Fluxbox and many more will continue to use the system tray. It is sad to see that GNOME is abandoning a well established freedesktop.org standard. Regards, Christoph -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On 12/24/2010 11:45 PM, Colin Walters wrote: > On Thu, Dec 23, 2010 at 11:03 AM, Thomas Woerner wrote: >> >> - A simple tray applet (firewall-applet) > > Actively deprecated; please consider other interfaces. In this case, > I think a control panel module is just fine. Is there an interface to use control panel modules with other desktop environments and also window managers? An applet for a component like a firewall should be usable with more than one desktop environment. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
On Thu, Dec 23, 2010 at 11:03 AM, Thomas Woerner wrote: > > - A simple tray applet (firewall-applet) Actively deprecated; please consider other interfaces. In this case, I think a control panel module is just fine. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
Hello, as discussed some time ago, I worked on the proof of concept implementation of firewalld. FirewallD is a service daemon with a D-BUS interface that provides a dynamic managed firewall. For more information on firewalld, please have a look at: https://fedoraproject.org/wiki/FirewallD/ About this version: This is mostly the proof of concept implementation with some changes and is feature complete for F-15 as a firewalld preview version. It will not be enabled per default and will also not get installed per default. The system-config-firewall with static firewall model will still be the default firewall solution for Fedora 15. What this firewalld version can do: - It supports most of the firewall features system-config-firewall had, but there are three limitations: 1) custom firewall rule files (iptables save format) are not supported and most likely will never be, but there is support for custom rules (limited functionality). 2) sysctl changes for ip_forward are not done, yet. 3) There are no permanent firewall settings, this means that all settings are lost after a service restart or reboot. Permanent firewall settings will be added later on. - The firewall daemon manages the firewall dynamically. This means that changes are done without recreating the whole firewall. Also there is no need to reload all firewall modules anymore. Firewall helpers are loaded and unloaded if needed. - A simple tray applet (firewall-applet) shows the status of the public firewall and is makes it simple to enable and disable firewall services. The applet does not show firewall configuration settings done with the libvirt interface. - firewall-cmd is the command line client that makes it possible to enable, disable, query and list firewall features. firewall-cmd is also not able to show firewall settings of the libvirt interface. - There is an rule and chain interface for libvirt, but the PolicyKit policy is not in place, yet. What this version can not do (future features): - firewall-config, the firewall configuration utility, is not functional - System vs. User/Session configuration - Zone support - NetworkManager firewall rule support firewalld made it into a fedorahosted repo at: git://git.fedorahosted.org/git/firewalld.git The fedoraproject wiki page at https://fedoraproject.org/wiki/FirewallD/ exists and will get more updates soon. The feature request page for Fedora 15 is also up to date: https://fedoraproject.org/wiki/Features/DynamicFirewall#How_To_Test For test packages, please have a look at http://twoerner.fedorapeople.org/firewalld/ firewalld has a requirement for system-config-firewall-1.2.28. This version has checks for an active firewalld in the tools. Please have a look at http://koji.fedoraproject.org/koji/buildinfo?buildID=211013 for the Fedora 15 packages of this version. It is usable on fedora versions < 15. How To Test - Install firewalld and firewall-applet - Start the firewalld service - Start the tray applet firewall-applet - Use firewall-cmd to enable for example ssh: firewall-cmd --enable --service=ssh - Enable samba for 10 seconds: firewall-cmd --enable --service=samba --timeout=10 - Enable ipp-client: firewall-cmd --enable --service=ipp-client - Disable ipp-client: firewall-cmd --disable --service=ipp-client - To restore your static firewall with lokkit again simply use: lokkit --enabled You can also use the D-BUS interface directly. This is required for libvirt (and later on also NetworkManager). The D-BUS interface documentation is work in progress and will be added later on. Comments and additional information is highly welcome. Thanks in advance, Thomas -- Thomas Woerner Software EngineerPhone: +49-711-96437-310 Red Hat GmbH Fax : +49-711-96437-111 Hauptstaetterstr. 58 Email: Thomas Woerner D-70178 StuttgartWeb : http://www.redhat.de/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel