Firewall
Jesse Keating
jkeating at redhat.com
Tue Dec 7 02:07:13 UTC 2010
On 12/06/2010 06:04 PM, Adam Williamson wrote:
> On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote:
>
>> The other benefit would be if the user only intended the
>> service to be accessible to localhost, or a UNIX domain
>> socket but for some reason screwed up their service's
>> config & opened it to the world.
>
> I use it as a safety net for much this reason. I am not comfortable with
> 100% guaranteeing that 'helpful' services we install by default like
> Avahi are not doing things I really wouldn't want them to do when I
> connect to some open wifi network.
I think this is where the zones work that was talked about will come in
handy. If you connect to a new unknown network, default to firewalled
until the user "trusts" the zone. But if you trust the zone, trust it,
don't get in the way.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
More information about the devel
mailing list