
6 Apr 2009, 2:48 p.m.
On Mon, 2009-04-06 at 14:36 +0200, Ludwig Nussel wrote:
> SuSEfirewall2 does not have such a mechanism and TBH I pretty much dislike the idea of allowing applications to inject arbitrary rules. I'd prefer some higher level abstraction so it's left to the firewall to decide how to translate the request into actual iptables rules (or whatever else technology is used in the background).
How would that be done? I don't know of any tool that could do that, especially given the large number of existing firewall mgmt tools out there (s-c-firewall, SuSEfirewall2, whatever Debian/Ubuntu have, shorewall, pyroman, ...)

David