Fedora introduces Network Zones

Fedora introduces Network Zones

Posted Mar 1, 2012 3:36 UTC (Thu) by smoogen (subscriber, #97)
Parent article: Fedora introduces Network Zones

Question: How does firewalld protect itself from being fooled into thinking it is in a "Trusted" environment?

The reason I ask is that there have been several attacks in the past where either malware or a network attack caused other firewalls to switch profiles from a protected one to a trusted one.


Fedora introduces Network Zones

Posted Mar 1, 2012 3:38 UTC (Thu) by smoogen (subscriber, #97)

I missed the PolicyKit items when first reading the article. A bit more explanation might help me understand it better though.

Fedora introduces Network Zones

Posted Mar 1, 2012 12:40 UTC (Thu) by Ben_P (subscriber, #74247)

It sounded like PolicyKit is used to ensure that only these Network Zones tools can modify the firewall. So you'd have to auth with PolicyKit before you could modify any iptables state; that's how I read it anyway. So the Zones application would de facto auth with PolicyKit, so when it decides to change the firewall, it can.

Also, will it be possible to associate zones with actual iptables rule sets? I'm very comfortable with the existing iptables command line interface, and the format in the linked zone files ( http://git.fedorahosted.org/git/?p=firewalld.git;a=tree;f... ), at least at first reading, doesn't seem nearly as verbose. Maybe someone has a link to the file spec for these zone XML files?
