Removing firewall-config from the default install of Fedora Workstation

Josh Boyer jwboyer at fedoraproject.org
Fri Aug 22 14:33:00 UTC 2014


On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro
<mcatanzaro at gnome.org> wrote:
>> I would personally strongly recommend to keep the firewall
>> configuration
>> utility in Fedora Workstation to allow server application developers
>> and
>> also others to have an easy way to configure their firewall settings
>> according to their needs.
>
> I don't think firewall-config is even remotely close to an easy way to
> configure firewall settings. It's obviously a tool intended for advanced
> users only, which is why we suggest removing it -- we're trying really
> hard to get rid of anything that requires technical expertise to use.
> But it's possible that we may want to make an exception for
> firewall-config.
>
> I'm not sure how to make firewall configuration easy, and I suspect it
> may not be possible, but you'd have to start with removing all mention
> of ports ("my computer only has six ports!") and services ("why is http
> not checked, that must by why my Internet is broken") ("AMANDA! What is
> this amanda-client you're running on my network!"). I guess an easy
> firewall configuration tool would be a list of applications with an on
> or off switch to configure whether that application should be allowed to
> access the network. That's the sort of firewall configuration I would be
> more enthusiastic to install by default, but that would not be useful at
> all for developers.

Slightly orthogonal, but the original discussion wasn't about specific
ports/apps but more about what to do when a user switches from one
network to another.  firewalld-config has the concept of zones for
this, but the UI isn't immediately clear.  I thought someone was
looking at making changes in GNOME and/or NetworkManager to prompt for
a "security level" etc.  What happened to that work?

josh


More information about the desktop mailing list