In computer systems it is often desirable to allow a component to be configured remotely through a network. One example of a component that can be configured is the firewall—e.g., the firewall can be set to allow or block network traffic, or can be turned on or off. It is convenient for an administrator to be able to set the parameters of the firewall remotely. However, a firewall is normally configurable only by a user with administrator or network operator privileges, and allowing a firewall (or the supporting service that allows configuration of the firewall) to accept network connections at a privileged level creates a security risk and increases the attack surface of the machine on which the firewall is running.
It is thus desirable to allow a component such as the firewall to be configured remotely, but without requiring the component to accept network requests that run at a high level of privilege.