Firewall blocking desktop features

Reindl Harald h.reindl at
Wed Sep 11 10:07:09 UTC 2013

Am 11.09.2013 12:02, schrieb Nicolas Mailhot:
> Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
>> On 2013-09-11 11:11, Heiko Adams wrote:
>>> Am 11.09.2013 10:41, schrieb Ankur Sinha:
>>>> - These software inform and take permission from the user before
>>>> opening
>>>> ports in the firewall.
>>> IMHO it should be the job of the firewall to inform the user about an
>>> application that want's to open one or more ports and ask for permission
>>> to open that ports either temporary for the current session or
>>> permanent.
>> Is this a good idea? The firewall just knows aboyt an attempt to use a
>> specific port. It does not know which application which *really* is
>> trying to use that port. It could certainly make an educated guess, but
>> that's just not good enough in this context IMHO.
>> OTOH, the application knows what ports it needs (even some which just
>> might be used later) and can also identify itself to the user. Seems
>> more reasonable to me.
> The application can lie and propose to open X and then when user says ok
> open Y. The prompt really needs to be initiated firewall-side

and as long there is no way for the firewall to *predictable* know
what application and display it in the user-request this whole
discusssion is *pointless* from a security point of view and
we *do not* make all the mistakes other OS vendors in the past
in this context

thank you!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list