About F19 Firewall

P J P pj.pandit at yahoo.co.in
Wed Sep 18 06:16:23 UTC 2013

----- Original Message -----
> From: Mateusz Marzantowicz <mmarzantowicz at osdf.com.pl>
> Subject: Re: About F19 Firewall
> Maybe, true but I doubt that simpler set of rules, that never get
> audited, written by inexperienced users are more secure than "complex"
> rules in FirewallD which at last had chance to be checked.

   It's not that simpler rules are more secure, but they come in handy if one is to audit them or modify them for his/her set-up. Such modifications could be merged back as user contributions, which only helps to strengthen the tool or set of rules. The thing with complexity is, it keeps even the able people away from fiddling with things, which I feel sort of beats the whole purpose. As in, if amongst all the available zones, a user is always going to use just one everywhere, it beats the purpose of other zones and the promise of security too, no? Worse is, people would just turn it (Firewalld) off because they cannot understand it or make it work for them.

> BTW, there is not that much magic in rules applied by FirewallD and
> other firewall solutions for Linux have similar level of rule complexity
> (ufw, shorewall, etc.)

   True. We cannot avoid complexity. There are complex set-ups & networks, which need complex rules. Firewalld as a tool would be right having features to enable a user who wishes to create such complexity and define rules for the same. But providing it by default for individual Fedora users, who don't need it, doesn't feel right.

