Firewall

seth vidal skvidal at fedoraproject.org
Mon Dec 6 19:38:35 UTC 2010


On Mon, 2010-12-06 at 20:34 +0100, Miloslav Trmač wrote:
> It's not, but we don't really have "personal installs"; any system can
> be a desktop, a server, or both at the same time.

Agreed - I think the case being described by Jesse, though, is the
livecd case. That's what the 'personal install' seems to be to me. In
that case the livecd kickstart can turn off the iptables, if it so
chooses. I'd recommend against it.


> SIP? Desktop sharing? An incoming connection won't be able to come
> through the ADSL modem's NAT anyway, so some kind of tunneling or an
> external service broker (which turns the connection from incoming into
> outgoing, enabled by default) is needed.
> 
> It may be just me, but really can't remember a single example when the
> firewall has broken something for me, at least in the last 10 years.

I'll add a +1 to this, too. The only client having trouble I can think
of in forever is BitTorrent, and that wasn't my firewall, it was my
wireless router.

Having iptables on just keeps out the port probes when you're on a
public network - the way ours is configured in Fedora makes it pretty
easy for most client apps.

-sv



