About F19 Firewall

Mateusz Marzantowicz mmarzantowicz at osdf.com.pl
Tue Sep 17 10:49:23 UTC 2013


On 17.09.2013 12:31, Nicolas Mailhot wrote:
> 
> Le Mar 17 septembre 2013 11:33, Björn Persson a écrit :
>> Mateusz Marzantowicz wrote:
>>> Wireless networks have unique "names" and are represented as different
>>> connections on NetworkManager (network connection != interface). For
>>> network named "MyHomeNet" one can associate Home zone in NetworkManager
>>> and for network "CoffeShowHotSpot" one assigns Public zone. You don't
>>> have to change anything once it's assigned.
>>
>> So when some innocent-looking guy is sitting in the café with a
>> smartphone posing as an access point with an SSID of "MyHomeNet", will
>> your Fedora laptop connect to it, switch to the Home zone, and assume
>> that everybody on that network is friendly?
> 
> Does not matter if the firewall rules become complex enough no one will
> ever audit them and they become the malware-ridden black-boxes common in
> windows environments.
> 
> (though systemd and gnome3 are taking the 'pile of overengineered rules no
> one checks' route fast)
> 

Maybe true, but I doubt that a simpler set of rules, which never gets
audited and is written by inexperienced users, is more secure than the "complex"
rules in FirewallD, which at least had a chance to be checked.

BTW, there is not that much magic in the rules applied by FirewallD, and
other firewall solutions for Linux (ufw, shorewall, etc.) have a similar
level of rule complexity.



Mateusz Marzantowicz
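The exchange above turns on one mechanism: a NetworkManager connection profile carries a `zone=` key in its `[connection]` section (set with `nmcli connection modify <id> connection.zone home`), and firewalld applies that zone whenever the profile is active. Björn's objection is that the profile is selected by SSID, so an open network bound to a trusted zone hands trusted-zone access to any access point advertising that name. The audit script below is an added example written for this thread, not code from the list, NetworkManager or firewalld; it parses keyfile-format profiles (the `[connection]`, `[wifi]` and `[wifi-security]` sections as in NetworkManager's keyfile plugin) and flags profiles where a trusted zone is bound to a network with no or only shared-secret authentication. The profiles embedded in it are constructed samples, and the "trusted" zone set reuses firewalld's default zone names.

```python
import configparser
import os
import sys

# Constructed sample profiles in NetworkManager keyfile layout (not real files).
# A missing [wifi-security] section means the network is open.
SAMPLE_PROFILES = {
    "MyHomeNet.nmconnection": """
[connection]
id=MyHomeNet
type=wifi
zone=home

[wifi]
ssid=MyHomeNet
mode=infrastructure
""",
    "HomeWifi2.nmconnection": """
[connection]
id=HomeWifi2
type=wifi
zone=home

[wifi]
ssid=HomeWifi2

[wifi-security]
key-mgmt=wpa-psk
""",
    "CoffeShowHotSpot.nmconnection": """
[connection]
id=CoffeShowHotSpot
type=wifi
zone=public

[wifi]
ssid=CoffeShowHotSpot
""",
    "Office.nmconnection": """
[connection]
id=Office
type=wifi
zone=work

[wifi]
ssid=Office

[wifi-security]
key-mgmt=wpa-eap
""",
}

# firewalld's default zones that relax filtering for peers on the network.
TRUSTED_ZONES = {"trusted", "home", "internal", "work"}
# key-mgmt values that authenticate the AP only through a shared passphrase.
SHARED_SECRET = {"wpa-psk", "sae"}


def audit_profile(text):
    """Classify one keyfile profile. Returns (connection id, zone, key-mgmt, level, reason)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written in the file
    cp.read_string(text)
    conn_id = cp.get("connection", "id", fallback="?")
    ctype = cp.get("connection", "type", fallback="")
    zone = cp.get("connection", "zone", fallback=None)  # None: firewalld default zone
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="none")
    if ctype != "wifi":
        return (conn_id, zone, key_mgmt, "skip", "not a wifi profile")
    if zone not in TRUSTED_ZONES:
        return (conn_id, zone, key_mgmt, "ok", "restrictive or default zone")
    if key_mgmt == "none":
        return (conn_id, zone, key_mgmt, "risk",
                "open SSID bound to a trusted zone; any AP with this name is trusted")
    if key_mgmt in SHARED_SECRET:
        return (conn_id, zone, key_mgmt, "warn",
                "trusted zone protected only by a shared passphrase")
    return (conn_id, zone, key_mgmt, "ok", "trusted zone with per-user authentication")


def audit_all(profiles):
    """Audit a {filename: keyfile text} mapping; returns {connection id: level}."""
    return {r[0]: r[3] for r in (audit_profile(t) for t in profiles.values())}


def load_directory(path):
    """Read *.nmconnection keyfiles from a directory (NetworkManager keeps them 0600, root only)."""
    out = {}
    for name in sorted(os.listdir(path)):
        if name.endswith(".nmconnection"):
            with open(os.path.join(path, name), encoding="utf-8") as fh:
                out[name] = fh.read()
    return out


if __name__ == "__main__":
    # Default: the constructed samples; pass a directory to audit real profiles.
    profiles = load_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PROFILES
    for text in profiles.values():
        conn_id, zone, key_mgmt, level, reason = audit_profile(text)
        print(f"{level:5} {conn_id:20} zone={zone} key-mgmt={key_mgmt}: {reason}")
```

Running it against the samples reports MyHomeNet as `risk` (open network in the home zone, exactly Björn's scenario), HomeWifi2 as `warn`, and the public-zone hotspot and the EAP-authenticated office network as `ok`. To audit a real system, run it as root with `/etc/NetworkManager/system-connections` as the argument; the fix for a flagged profile is either to move it to a restrictive zone (`nmcli connection modify <id> connection.zone public`) or to keep the trusted zone only for networks that authenticate the access point.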