<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2014-04-15 15:59 GMT+02:00 Michael Catanzaro <span dir="ltr"><<a href="mailto:mcatanzaro@gnome.org" target="_blank">mcatanzaro@gnome.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Tue, 2014-04-15 at 14:35 +0200, Zbigniew Jędrzejewski-Szmek wrote:<br>
> What needs to be done to improve the firewall integration?<br>
><br>
> Zbyszek<br>
<br>
</div>The rule in the Workstation technical spec is: "A firewall in its<br>
default configuration may not interfere with the normal operation of<br>
programs installed by default." [1] There's a discussion on the desktop<br>
list beginning at [2] that has some brainstorming and explanation as to<br>
why this would be hard.<br>
<br>
[1]<br>
<a href="https://fedoraproject.org/wiki/Workstation/Technical_Specification#Firewall" target="_blank">https://fedoraproject.org/wiki/Workstation/Technical_Specification#Firewall</a><br>
<br>
[2]<br>
<a href="https://lists.fedoraproject.org/pipermail/desktop/2014-February/009142.html" target="_blank">https://lists.fedoraproject.org/pipermail/desktop/2014-February/009142.html</a><br></blockquote><div><br></div><div>For the benefit of keeping everything on this list:<br>
<br>AFAICS this discussion basically says "applications can't depend on firewalld, therefore they can't use firewalld APIs, therefore they wouldn't know whether the firewall restricts them, therefore firewalld must be removed".<br>
<br>The only given reason why the applications can't depend on firewalld is vague claims that the D-Bus API is somehow unusable, which is clearly false because firewall-cmd is using exactly the same API.<br></div><div>
Mirek<br></div></div></div></div>