Firewall

[Jesse Keating]

On 12/06/2010 06:04 PM, Adam Williamson wrote:
> On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote:
> 
>> The other benefit would be if the user only intended the
>> service to be accessible to localhost, or a UNIX domain
>> socket but for some reason screwed up their service's
>> config & opened it to the world.
> 
> I use it as a safety net for much this reason. I am not comfortable with
> 100% guaranteeing that 'helpful' services we install by default like
> Avahi are not doing things I really wouldn't want them to do when I
> connect to some open wifi network.

I think this is where the zones work that was talked about will come in
handy.  If you connect to a new unknown network, default to firewalled
until the user "trusts" the zone.  But if you trust the zone, trust it,
don't get in the way.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating