What I HATE about F11
Horst H. von Brand
vonbrand at inf.utfsm.cl
Mon Jun 22 04:55:57 UTC 2009
Lennart Poettering <mzerqung at 0pointer.de> wrote:
[...]
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
Not entirely.
> I still think that the current firewall situation on Fedora is pretty
> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.
Strange... I've rarely had any reason to futz around with the firewall
here. Neither with SELinux, at least for a long while now.
> Fedora is the only big distro that enables a firewall by default and
> thus creates a lot of trouble for many users. I think I mentioned that
> before, and I can only repeat it here: we should not ship a firewall
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.
True. But "another layer of security" /is/ a good idea, most of the time.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000 Fax: +56 32 2797513
More information about the devel
mailing list