From f1492321b1f843d98359a4053fa6087e1bc3a06d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 31 Oct 2014 10:29:20 -0400 Subject: add todo --- .../port_info_for_properties_for_firewall.mdwn | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 doc/todo/port_info_for_properties_for_firewall.mdwn (limited to 'doc/todo/port_info_for_properties_for_firewall.mdwn') diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn new file mode 100644 index 00000000..efaaba05 --- /dev/null +++ b/doc/todo/port_info_for_properties_for_firewall.mdwn @@ -0,0 +1,24 @@ +The firewall module could be improved if properties that set up a service +on a port included info (see Propellor.Info and Propellor.Types.Info) +about the port(s) used. + +While currently the ports have to be explicitly listed: + + & Apache.installed + & Firewall.installed + & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80)) + & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443)) + +Instead the ports would be derived from the installed services. + + & Apache.installed + & Firewall.installed + +There could also be some combinators to adjust the exposed +ports of a property. + + & localOnly Apache.installed + & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2") + +Such port enformation is also going to be needed as a basis of +[[type_level_port_conflict_detection]]. --[[Joey]] -- cgit v1.2.3