F21 System Wide Change: Workstation: Disable firewall

Simo Sorce simo at redhat.com
Tue Apr 15 14:37:38 UTC 2014 

On Tue, 2014-04-15 at 10:28 -0400, Christian Schaller wrote:
> ----- Original Message -----
> > From: "Reindl Harald" <h.reindl at thelounge.net>
> > To: devel at lists.fedoraproject.org
> > Sent: Tuesday, April 15, 2014 11:40:20 AM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> > 
> > 
> > Am 15.04.2014 11:32, schrieb drago01:
> > > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl at thelounge.net>
> > > wrote:
> 
> > allow any random application to open a unprivlieged
> > port which is reachable from outside is dangerous
> > 
> We already allow that and have for a long while. Any application bothering to support the firewalld dbus interface can open any port 
> they wish to.
> 
> There was a long thread about this on the desktop mailing list, and I was not in the 'disable the firewall' camp in that discussion,
> but nobody in that thread or here have articulated how the firewall exactly enhance security in the situation where we at the 
> same time need to allow each user to have any port they desire opened for traffic to make sure things like DLNA or Chromecast works.
> 
> The thread discussing this ended up with mostly being a discussion if the firewall would be a useful way to help users from accidentally 
> oversharing on a public network. Which is important and something we want to work on, but a lot less so than security issues.

There is plenty of prior art here.

What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you trust nothing
and everything is firewalled when you roam a new network.

firewalld should grow a NetworkManager plugin so that configuration can
be changed on the fly based on which network NM tells firewalld a
specific interface is connected to.

Applications need to be prevented from being able to arbitrarily open
ports, that should be allowed only for a "trusted" zone. User
intervention should be needed to mark a zone as trusted, in all other
zones the user will have to select explicitly what applications are
allowed.

So the big work here is in the UI you need to build to present these
configurations to the user.

Until then you can present a very simplified UI that just has a big
button/switch that turns everything from "untrusted" to "trusted", with
the default being "untrusted" of course.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the devel mailing list