> > Hi,
> > I ended up calling the firewalld maintainer to understand the state of things
> > and there is this concept in firewalld called zones that we should be able to
> > use to create a better user experience, yet at the same time keep the
> > firewall working when people connect with their laptop at an internet
> > cafe for instance.
>
> Right. But firewalld can't be a Fedora-only solution, otherwise no
> application developer will want to integrate with it.
>
> We'd also need designs based around that, and see if firewalld is indeed
> the right technical solution.
>
> Right now, we don't even know whether a firewall is required, or it's just a
> work-around for applications that aren't integrated.

I fully agree with Bastien here. I don't think a firewall brings any
benefit on the desktop, and particularly not in the implementation of
firewalld. There are better ways to make sure the local system is not
vulnerable, and in its current state firewalld just creates problems and
slows down the boot immensely (it's the number 1 slowest component on
Fedora, right now.)

On a properly configured system basically the average desktop should
have little to no services listening and those that are likely are
allowed through the firewall anyway so aren't protected by a firewall.
Ultimately though we should likely offer a means to detect when on a
public or private network and bring up the firewall on the former to
protect the user as they're unlikely to want to share their DLNA media
with most people on a public network.

Peter