mcatanzaro(a)gnome.org writes:
Well the thing is, blocknig ports tends to break applications that
want
to use those ports. We're not going to do that, period. It also doesn't
really accomplish anything: either your app or service needs network
access and you have whitelisted it (in which case the firewall provides
no security), or it needs network access and you have not whitelisted
it (in which case your firewall breaks your app/service). In no case
does it increase your security without breaking your app, right? Unless
you have malware installed (in which case, you have bigger problems
than the firewall). Or unless you have a vulnerable network service
installed that you don't want (in which case, uninstall it).
So if you want to change the firewall settings, you'd need to
completely rethink how the firewall works. And nobody seems interested
in doing that. We could e.g. have a list of apps that are allowed
network access, but then we'd need some form of attestation so apps
can't impersonate each other. So only sandboxed (flatpaked) apps could
use this hypothetical new firewall. And we surely don't want to have
yes/no permission prompts, so we can't really ask the user "do you want
your app to access the network?" (the user will almost always say
yes).
For what it's worth, macOS started doing exactly that recently.
I agree it seems useless, except for one thing. Sometimes, you realize
that some app is opening a port when you don't expect it.
I'm not really sure what design would even work.
Avoiding unnecessary network services makes more sense.
On Mon, Aug 26, 2019 at 3:45 PM, Alexander Ploumistos
<alex.ploumistos(a)gmail.com> wrote:
>
> As a matter of fact, you did:
>
<
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
>
<
https://docs.fedoraproject.org/en-US/Fedora/21/html/Release_Notes/sect-Pr...
Thanks for dredging up these links!
Michael
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
--
Cheers,
Christophe de Dinechin (IRC c3d)