Jacob Appelbaum wrote:
>> > Jacob Appelbaum wrote (24 Jul 2014 21:27:54 GMT) :
>>> >> That sounds like a great reason to find a way to make it easy to
>>> >> dynamically change the firewall for such an application - can ferm
>>> >> easily load different rules on demand?
>> >
>> > No idea.
>
> Ok. This seems like a side point but still an important thing to
> consider at some point - stuff like i2p, Tor and other firewall
> exceptions might be good to disable by default.

You can define and test variables in ferm, and according to the man
page, you can pass variables from the ferm command line with the --def
option. So it should be possible to run:

    ferm --def '$enable_i2p=1' /etc/ferm/ferm.conf

to reload the firewall and activate some additional rules from the
general ferm.conf file on demand.

Not tested though.
--
sajolida
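
The approach described in the message above, sketched as an added example that is not part of the original thread or of any project's shipped configuration. The account name i2psvc, the variable $i2p_user and the rule set itself are constructed assumptions; only $enable_i2p and the --def invocation come from the message.

```ferm
# Constructed ferm.conf fragment (assumption, not a shipped configuration).
# Default: the I2P exception is off. Passing --def '$enable_i2p=1' on the
# ferm command line overrides this value for that run.
@def $enable_i2p = 0;

# Hypothetical account the I2P router runs as.
@def $i2p_user = i2psvc;

domain ip {
    table filter {
        chain OUTPUT {
            policy DROP;

            # Loopback and already-established flows.
            outerface lo ACCEPT;
            mod state state (ESTABLISHED RELATED) ACCEPT;

            # Exception emitted only when the variable is set to 1.
            @if @eq($enable_i2p, 1) {
                proto (tcp udp) mod owner uid-owner $i2p_user ACCEPT;
            }
        }
    }
}

# Preview the generated rules without applying them:
#   ferm --noexec --lines --def '$enable_i2p=1' /etc/ferm/ferm.conf
# Apply with the exception enabled:
#   ferm --def '$enable_i2p=1' /etc/ferm/ferm.conf
# Reload without --def to return to the default (exception removed):
#   ferm /etc/ferm/ferm.conf
```

Comparing the --noexec --lines output with and without the --def option shows exactly which rules the variable adds before anything is loaded into the kernel.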