Network Printing + Firewall..

Thomas Woerner twoerner at redhat.com
Wed Nov 11 16:31:58 UTC 2009 

On 11/11/2009 02:40 PM, Matthias Clasen wrote:
> On Wed, 2009-11-11 at 10:47 +0100, Gianluca Sforna wrote:
>> On Tue, Nov 10, 2009 at 1:25 PM, Matthias Clasen<mclasen at redhat.com>  wrote:
>>> On Tue, 2009-11-10 at 07:27 +0000, "Jóhann B. Guðmundsson" wrote:
>>>> Greetings...
>>>>
>>>> Any reason why scanning the network for printers is blocked in firewall
>>>> on the desktop live cd after install ( tested with 09/11/09  i686 iso)
>>>> or is this something we missed?
>>>>
>>>
>>> The firewall is an unsolved issue. We considered just turning it off for
>>> F12 (as some have advocated), but didn't have the courage to do it in
>>> the end. It is one of the bigger problems we have to tackle soon. It not
>>> only torpedoes printing, it also sabotages file sharing, music sharing,
>>> and so on.
>>
>> Would something like the SELinux troubleshooter (BTW, I just love the
>> F12 one, kudos to the developers), catching denials generated by the
>> firewall and presenting the user a dialog to allow pinching the
>> appropriate ports, be a worth project to pursue? maybe something like
>> this do exist somewhere?
>
> That is what most developers immediately think of as the 'solution' to
> this issue. But it is not a solution, really. It is moving the problem
> to the user and asking him to make decisions he is not ready to make.
>
> What would you answer if a dialog spontaneously pops up that says
>
>
> Program /usr/bin/greqrml wants to listen on port 978. This may be
> dangerous.
>                                 [Allow][Deny][No idea, you decide]
>
>
> A better approach would be to use information about the 'network
> environment' and make decisions based on that. E.g allow rhythmbox to
> share music on your home network, but not in the coffee shop. Of course,
> this need informations about the 'trust level' or privacy of the
> network.
>
And there is a older bugzilla requesting to add the ability to classify 
network connections in NetworkManager: #472784

The original title was: Home mode/HotSpot mode in NetworkManager

>
> Matthias
>
Thomas

More information about the desktop mailing list