Firewall

Adam Jackson ajax at redhat.com
Mon Dec 6 22:54:33 UTC 2010


On Mon, 2010-12-06 at 15:06 -0500, seth vidal wrote:
> On Mon, 2010-12-06 at 21:01 +0100, Tomasz Torcz wrote: 
> >   Yeah, general discovery.  Off the top of my head:
> > - PulseAudio sinks and sources
> > - libvirt instances for virt-manager
> > - VNC desktops for Vinagre
> > - local web pages (think SOHO router config page) for zeroconf-enabled
> >   web browsers like Epiphany
> > - remote disk management (udisks)
> > - local FTP sites and WebDAV shares shown in nautilus places
> > 
> >   And this is all blocked by default Fedora firewall settings (5353/udp).
> 
> I'm confused - are any of the above intended to be used/available by
> anyone who is NOT experienced enough to know what iptables are and how
> to manage them? B/c I think it's a bit unlikely.

Yes, in fact.  This is how ad-hoc service discovery works on every other
OS and with a stunning number of consumer devices.  Interop with that is
an entirely reasonable thing to expect.

I've been using Linux for, what, fourteen years now?  I've migrated
firewall configs from ipfwadm through ipchains through iptables.  I've
done network administration for a day job.  I know what a firewall is,
and if you force me to I can remember how to manage one long enough to
make file sharing work.

And every time I do, I think "there's no reason it needs to be this
hard".  All I want to do is make movies on my hard drive visible to my
PS3.  Why is this harder than clicking "share"?  All I want to do is
plug the NAS drive I just bought from Best Buy into the ethernet cable
and put files on it.  Why do I have to play mother-may-I with the
firewall config tool before I can see that it's offering a UPnP service?

- ajax


