Firewall blocking desktop features

Reindl Harald h.reindl at
Thu Sep 12 06:32:01 UTC 2013

Am 12.09.2013 08:25, schrieb Pierre-Yves Chibon:
>> Application should request the ports to be opened and the firewalld
>> layer should then confirm with the user stating which ports and
>> which app requested said ports.  The app can't lie if the firewall
>> layer is the one asking for confirmation.
> But a malicious app can pretend to be another one, unless there is a way for the
> firewall to know which app is asking in a way that cannot be forged

the problem is that people refuse to understand security implications
until it is too late and in context of a firewall this is fatal

proven by 80 out of 100 alerts on securityfocus for *any* sort of software

and before someone comes out with "but konqueror is from a package"

well, and you be 100% sure that you not treat /usr/local/bin/ or
~/bin/konqueror the same trusted way and how do you make it sure?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list