Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On 04/28/2014 08:09 PM, Florian Weimer wrote: On 04/28/2014 12:42 PM, David Woodhouse wrote: Actually, I think the best way to fix this is with SELinux, rather than iptables. Why go for an overly complex solution where authorised processes have to prod a firewall dæmon to change the iptables co

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On 04/28/2014 12:42 PM, David Woodhouse wrote: Actually, I think the best way to fix this is with SELinux, rather than iptables. Why go for an overly complex solution where authorised processes have to prod a firewall dæmon to change the iptables configuration, when the kernel has a perfectly go

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Am 28.04.2014 19:36, schrieb Miloslav Trmač: > 2014-04-28 19:33 GMT+02:00 Reindl Harald >: > > Am 28.04.2014 19:27, schrieb Miloslav Trmač: > > 2014-04-28 19:13 GMT+02:00 Reindl Harald: > > you can make signed fedora packages trusted and allow them

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

2014-04-28 19:33 GMT+02:00 Reindl Harald : > Am 28.04.2014 19:27, schrieb Miloslav Trmač: > > 2014-04-28 19:13 GMT+02:00 Reindl Harald: > > you can make signed fedora packages trusted and allow them > > at install or first start to interact with firewalld > > > > I can't; ptrace() doesn't

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Am 28.04.2014 19:27, schrieb Miloslav Trmač: > 2014-04-28 19:13 GMT+02:00 Reindl Harald: > > Well if the users' expectations were that the firewall doesn't > "interfere" with Fedora applications, why > would they > > expect it to "interfere" with non-Fedora applications? > > do i

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

2014-04-28 19:13 GMT+02:00 Reindl Harald : > Am 28.04.2014 19:04, schrieb Miloslav Trmač: > > 2014-04-28 18:59 GMT+02:00 Reindl Harald h.rei...@thelounge.net>>: > > > > Am 28.04.2014 18:52, schrieb Miloslav Trmač: > > > No no no no no. If you want a firewall "integrated" /that/ way, > yo

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Am 28.04.2014 19:04, schrieb Miloslav Trmač: > 2014-04-28 18:59 GMT+02:00 Reindl Harald >: > > Am 28.04.2014 18:52, schrieb Miloslav Trmač: > > No no no no no. If you want a firewall "integrated" /that/ way, you > are really > > better of uninstallin

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Am 28.04.2014 18:52, schrieb Miloslav Trmač: > 2014-04-28 12:42 GMT+02:00 David Woodhouse >: > > On Mon, 2014-04-21 at 09:42 +0200, Reindl Harald wrote: > > Am 21.04.2014 03:39, schrieb Lars Seipel: > > > Nicely aligning with the current firewall thread I

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

2014-04-28 18:59 GMT+02:00 Reindl Harald : > Am 28.04.2014 18:52, schrieb Miloslav Trmač: > > No no no no no. If you want a firewall "integrated" /that/ way, you are > really > > better of uninstalling it or opening it up; it serves no purpose. > > no, even if that way is completly wrong it's bet

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

2014-04-28 12:42 GMT+02:00 David Woodhouse : > On Mon, 2014-04-21 at 09:42 +0200, Reindl Harald wrote: > > Am 21.04.2014 03:39, schrieb Lars Seipel: > > > Nicely aligning with the current firewall thread I noticed that one of > > > my machines was running the exim MTA for the last few days, dutifu

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On Mon, 2014-04-21 at 09:42 +0200, Reindl Harald wrote: > > Am 21.04.2014 03:39, schrieb Lars Seipel: > > Nicely aligning with the current firewall thread I noticed that one of > > my machines was running the exim MTA for the last few days, dutifully > > listening on all interfaces > > and now it

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On Mon, Apr 21, 2014 at 06:58:56AM -0400, Mauricio Tavares wrote: > If all smartmontools need is to just send emails out, I would > suggest using something like ssmtp or msmtp. /usr/sbin/sendmail is handled with alternatives and can be provided by e.g. ssmtp. Smartmontools was changed for ex

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

On Mon, Apr 21, 2014 at 3:42 AM, Reindl Harald wrote: > > Am 21.04.2014 03:39, schrieb Lars Seipel: >> Nicely aligning with the current firewall thread I noticed that one of >> my machines was running the exim MTA for the last few days, dutifully >> listening on all interfaces > > and now it is *p

an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Am 21.04.2014 03:39, schrieb Lars Seipel: > Nicely aligning with the current firewall thread I noticed that one of > my machines was running the exim MTA for the last few days, dutifully > listening on all interfaces and now it is *proven for sure* that disable the firewall by default is the most