On 22.12.2014 at 10:10, drago01 wrote:
On Mon, Dec 22, 2014 at 9:26 AM, Björn Persson
<Bjorn(a)xn--rombobjrn-67a.se> wrote:
> Stephen John Smoogen wrote:
>> Uhm no. You seem to be wanting a fight over something, and I have no
>> mood to engage. I hope you have a more pleasant holidays than what
>> your tone indicates you are currently having.
>
> The idea of making two calls to open a port seemed like a bad design to
> me, so I proposed what seemed like a better design.
FWIW we already have a mechanism to restrict which ports specific
applications are allowed to open without using firewalld at all. It's
called "SELinux" (only works for confined domains but server
applications should run in one anyway).
That doesn't solve the "firewall open on ports greater than 1024" on
workstations starting with F21 as long as you don't forbid *any*
application without a SELinux context from opening a non-privileged port.