Removing firewall-config from the default install of Fedora Workstation

drago01 drago01 at gmail.com
Fri Aug 22 14:57:00 UTC 2014 

On Fri, Aug 22, 2014 at 4:54 PM, Josh Boyer <jwboyer at fedoraproject.org> wrote:
> On Fri, Aug 22, 2014 at 10:44 AM, drago01 <drago01 at gmail.com> wrote:
>> On Fri, Aug 22, 2014 at 4:33 PM, Josh Boyer <jwboyer at fedoraproject.org> wrote:
>>> On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro
>>> <mcatanzaro at gnome.org> wrote:
>>>>> I would personally strongly recommend to keep the firewall
>>>>> configuration
>>>>> utility in Fedora Workstation to allow server application developers
>>>>> and
>>>>> also others to have an easy way to configure their firewall settings
>>>>> according to their needs.
>>>>
>>>> I don't think firewall-config is even remotely close to an easy way to
>>>> configure firewall settings. It's obviously a tool intended for advanced
>>>> users only, which is why we suggest removing it -- we're trying really
>>>> hard to get rid of anything that requires technical expertise to use.
>>>> But it's possible that we may want to make an exception for
>>>> firewall-config.
>>>>
>>>> I'm not sure how to make firewall configuration easy, and I suspect it
>>>> may not be possible, but you'd have to start with removing all mention
>>>> of ports ("my computer only has six ports!") and services ("why is http
>>>> not checked, that must by why my Internet is broken") ("AMANDA! What is
>>>> this amanda-client you're running on my network!"). I guess an easy
>>>> firewall configuration tool would be a list of applications with an on
>>>> or off switch to configure whether that application should be allowed to
>>>> access the network. That's the sort of firewall configuration I would be
>>>> more enthusiastic to install by default, but that would not be useful at
>>>> all for developers.
>>>
>>> Slightly orthogonal, but the original discussion wasn't about specific
>>> ports/apps but more about what to do when a user switches from one
>>> network to another.  firewalld-config has the concept of zones for
>>> this, but the UI isn't immediately clear.  I thought someone was
>>> looking at making changes in GNOME and/or NetworkManager to prompt for
>>> a "security level" etc.  What happened to that work?
>>
>> https://wiki.gnome.org/ThreePointThirteen/Features/SharingNetworkAwareness
>
> Thanks, that is the feature/bug I was remembering.  So it's in 3.14
> already under the Sharing settings.
>
> What is unclear to me is if a dialog pops up when a network change is
> detected, or if there is no dialog does it default to off for a new
> network?  (Apologies, I don't have a separate network to test at the
> moment).

I have not tested it either ... Bastien?

More information about the desktop mailing list