<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2014-04-28 18:59 GMT+02:00 Reindl Harald <span dir="ltr"><<a href="mailto:h.reindl@thelounge.net" target="_blank">h.reindl@thelounge.net</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Am 28.04.2014 18:52, schrieb Miloslav Trmač:<br>
> No no no no no. If you want a firewall "integrated" /that/ way, you are really<br>
<div class="">> better of uninstalling it or opening it up; it serves no purpose.<br>
<br>
</div>no, even if that way is completly wrong it's better than no firewall<br>
as i have explained multiple times there may run software not from<br>
the Fedora repos which opens ports unintentionally from the users<br>
point of view and especially a user with no network expierience<br>
will not realize that - and yes that software matters because<br>
we are talking about a *operating system*<br></blockquote><div>Well if the users' expectations were that the firewall doesn't "interfere" with Fedora applications, why would they expect it to "interfere" with non-Fedora applications? <br>
<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
the next thing is when it comes to malware opening ports<br>
there are two types of malware:<br>
<br>
* privilege escalation (you have lost)<br>
* crap try to open a unprivileged port with user permissions<br></blockquote><div>The second case is a subset of the first one anyway :)<br><br></div><div>And doesn't every malware know to make an _outgoing_ connection to an IRC server nowadays? Stopping malware by blocking incoming connections is fairly illusory IMHO.<br>
</div></div> Mire<br></div></div>