Firewall blocking desktop features

Reindl Harald h.reindl at thelounge.net
Wed Sep 11 13:18:09 UTC 2013



Am 11.09.2013 15:05, schrieb Daniel J Walsh:
> On 09/11/2013 08:56 AM, Alec Leamas wrote:
>> Although this would work for both our wifes I'd hate it myself. There need
>> to be some way in  the interface to understand what's *really* going on
>> here, the ports opened, triggers etc. But not unless requested, agreed.
> 
> My idea is that Samba registers something with firewalld that says here is the
> prompt to show if a process in user space says to open port 2345.

very very bad idea!

that means if the is no samba running and whatever harmful
process needs to open incoming connections it would trigger
the promt for samba

these is the way to go only if you want to design a security nightmare

> The problem with this solution is potential conflicts in port numbers and pps
> that just use random ports (Which I think should just not be allowed to use
> the service and would require to disable the firewall.)

the real problem i described above

as long the is no way to get *predictable* which service/process
is aksing for open a specific port and verify this on the system
level this all is completly pointless

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130911/d2b010b8/attachment.sig>


More information about the devel mailing list