Firewall blocking desktop features

Alec Leamas leamas.alec at
Wed Sep 11 13:32:02 UTC 2013

On 2013-09-11 15:20, Ralf Corsepius wrote:
> On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
>> On 09/11/2013 06:35 AM, Heiko Adams wrote:
>>> On 11.09.2013 12:30, Alec Leamas wrote:
>>>> That said, I see your point.  Seems to boil down to that only the
>>>> application knows which port(s)  to open and why, whereas only the
>>>> firewall can guarantee  that it actually opens the ports requested by
>>>> user instead of something else.
>>> So the application needs to ask the firewall to open one or more ports and
>>> the firewall has to ask the user for permission to do so. In this scenario
>>> the firewall knows what application wants which port(s) to be open. Letting
>>> the application directly ask for permission to punch holes in the firewall
>>> is IMHO the worst case of all and a security nightmare.
>> Asking my wife if she intends to open port 2345 is a waste of time.  She has
>> no idea whether or not this is required.  And will quickly learn to answer ok.
>> Asking her "Do you want to make security changes to share directory
>> /home/phyllis/Share?"  Or
>> "Do you want to make security changes to share Printer XYZ?"
>> Would make sense.
> My marriage would be facing serious troubles, if my wife opens any port on
> our shared machines ;)
> Seriously, I think you guys are forgetting Linux isn't a
> Single-User-Single-Seat OS.
> Ralf
Well, it is. Also. And that's really the core here. It's so damned
different in these two cases.

