Firewall blocking desktop features

Alec Leamas leamas.alec at
Wed Sep 11 10:30:26 UTC 2013

On 2013-09-11 12:02, Nicolas Mailhot wrote:
> Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
>> On 2013-09-11 11:11, Heiko Adams wrote:
>>> Am 11.09.2013 10:41, schrieb Ankur Sinha:
>>>> - These software inform and take permission from the user before
>>>> opening
>>>> ports in the firewall.
>>> IMHO it should be the job of the firewall to inform the user about an
>>> application that want's to open one or more ports and ask for permission
>>> to open that ports either temporary for the current session or
>>> permanent.
>> Is this a good idea? The firewall just knows aboyt an attempt to use a
>> specific port. It does not know which application which *really* is
>> trying to use that port. It could certainly make an educated guess, but
>> that's just not good enough in this context IMHO.
>> OTOH, the application knows what ports it needs (even some which just
>> might be used later) and can also identify itself to the user. Seems
>> more reasonable to me.
> The application can lie and propose to open X and then when user says ok
> open Y. The prompt really needs to be initiated firewall-side
True. But isn't there  a lot to do if we should safefuard against local, 
lying applications?  Well, we have the precompiled, proprietary ones...

Even if an app isn't  malware, most applications are just not designed 
for a scenario where the user is prompted to punch o hole in the 
firewall as soon as an attempt is done. There might be surprises down 
this road.

That said, I see your point.  Seems to boil down to that only the 
application knows which port(s)  to open and why, whereas only the 
firewall can guarantee  that it actually opens the ports requested by 
user instead of something else.


More information about the devel mailing list