About F19 Firewall

P J P pj.pandit at yahoo.co.in
Tue Sep 24 15:29:56 UTC 2013

----- Original Message -----
> From: Thomas Woerner <twoerner at redhat.com>
> Subject: Re: About F19 Firewall
> Applications or daemons can only request changes to the firewall if they 
> are authenticated.

  Sure. But user authentication is function of the task an application performs and not of the firewall rules it adds or removes. In most cases, user won't even know what firewall rules an application is going to add/edit/remove. Meaning if an authenticated application leaves user's machine vulnerable, that is always going to be a side-effect and not an intended one.

Ex. Say I start virt-manager, it prompts me for authentication, I enter password and click [Ok]. It starts libvirtd in the background, creates interfaces, adds firewall rules etc. etc.  As a user looking at the GUI, I'm completely oblivious to what it is doing(or did) in the background.

This side-effect design is what I think isn't a good idea.


More information about the devel mailing list