Firewall blocking desktop features

Ralf Corsepius rc040203 at
Wed Sep 11 13:20:41 UTC 2013

On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
> Hash: SHA1
> On 09/11/2013 06:35 AM, Heiko Adams wrote:
>> Am 11.09.2013 12:30, schrieb Alec Leamas:
>>> That said, I see your point.  Seems to boil down to that only the
>>> application knows which port(s)  to open and why, whereas only the
>>> firewall can guarantee  that it actually opens the ports requested by
>>> user instead of something else.
>> So the application needs to ask the firewall to open one or more ports and
>> the firewall has to ask the user for permission to do so. In this szenario
>> the firewall knows what application wants which port(s) to be open. Letting
>> the application directly ask for permission to punch holes in the firewall
>> is IMHO the worst case of all and a securiry nightmare.
> Asking my wife if she intends to open port 2345 is a waste of time.  She has
> no idea whether or not this is required.  And will quickly learn to answer ok.
> Asking her "Do you want to make security changes to share directory
> /home/phyllis/Share?"  Or
> Do you want to make security changes to share Printer XYZ?
> Would make sense.
My marriage would be facing serious troubles, if my wife opens any port 
on our shared machines ;)

Seriously, I think you guys are forgetting Linux isn't a 
Single-User-Single-Seat OSes.


More information about the devel mailing list