Firewall blocking desktop features
Alec Leamas
leamas.alec at gmail.com
Wed Sep 11 13:32:02 UTC 2013
On 2013-09-11 15:20, Ralf Corsepius wrote:
> On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 09/11/2013 06:35 AM, Heiko Adams wrote:
>>> On 11.09.2013 12:30, Alec Leamas wrote:
>>>>
>>>> That said, I see your point. Seems to boil down to that only the
>>>> application knows which port(s) to open and why, whereas only the
>>>> firewall can guarantee that it actually opens the ports requested by
>>>> user instead of something else.
>>>>
>>> So the application needs to ask the firewall to open one or more ports and
>>> the firewall has to ask the user for permission to do so. In this scenario
>>> the firewall knows what application wants which port(s) to be open. Letting
>>> the application directly ask for permission to punch holes in the firewall
>>> is IMHO the worst case of all and a security nightmare.
>>>
>>>
>>>
>>
>> Asking my wife if she intends to open port 2345 is a waste of time. She has
>> no idea whether or not this is required. And will quickly learn to answer ok.
>>
>> Asking her "Do you want to make security changes to share directory
>> /home/phyllis/Share?" Or
>>
>> Do you want to make security changes to share Printer XYZ?
>>
>> Would make sense.
> My marriage would be facing serious troubles, if my wife opens any
> port on our shared machines ;)
>
> Seriously, I think you guys are forgetting Linux isn't a
> Single-User-Single-Seat OS.
>
> Ralf
>
>
Well, it is. Also. And that's really the core here. It's so damned
different in these two cases.
--alec