F21 System Wide Change: Workstation: Disable firewall

Chuck Anderson cra at WPI.EDU
Wed Apr 16 00:18:25 UTC 2014

On Tue, Apr 15, 2014 at 07:28:35PM -0400, Simo Sorce wrote:
> On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
> > 
> > You have connected to a new network. If this is a public network, you
> > may want to stop sharing your Music and disable Remote Logins.
> > [Turn off sharing] [Continue sharing] [Sharing Preferences...]
> So if you have 4 different services you get flooded with a ton of
> questions?
> Sounds like a bad idea.
> > And we will remember this for when you later reconnect to the same
> > network.
> If you set a *zone* instead then you have to remember only one
> association: network -> zone, and you know where to go to change that,
> and to change in which zones an application is allowed to listen,
> instead of having tens of one offs.
> > When we have this infrastructure, we can use this information to also
> > set the network zone to Home/Public - I don't think the long list of
> > zones I showed above makes any sense. Either you are at home and
> > comfortable sharing the network, or not.
> A long list does not make sense by default, ideally the default is that
> you have only 2 zones: trusted/untrusted (you can choose whatever
> names), if the user wants more flexibility then they would create new
> zones (like home, work, cafe, library, etc.) perhaps by cloning
> existing ones and then tweak the list of applications allowed to serve
> content in those zones.
> It would be better if the association were per-application rather than
> nameless ports.

Additionally, some "zones" should be bound to a certain network scope.
Today you could say "Home" or "Trusted" for your RFC1918-behind-NAT
network at home, but tomorrow your ISP could enable IPv6 and all of a
sudden your system connected to that subnet is exposed to the whole
world... So you really need some concept of scope to attach to the
zone so you can only allow connections from within that scope.  The
hard part is how to define that scope.  I believe Windows defaults to
"local subnet" when you choose Home.
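
The scope idea in the message above, as an added example that is not part of the original post: a hypothetical Zone model in which "Home" either accepts any source or only sources inside the interface's on-link prefixes. The class, the prefixes and the peer addresses are constructed for illustration and use documentation ranges.

```python
import ipaddress

# Constructed sample: prefixes on the interface that joined the "Home" network.
# 192.168.1.0/24 is RFC 1918 space; 2001:db8:1:2::/64 stands in for a globally
# routable prefix that appears once the ISP enables IPv6.
HOME_ONLINK = ["192.168.1.0/24", "2001:db8:1:2::/64", "fe80::/64"]

# Constructed peers: two on-link hosts and two off-link hosts.
PEERS = [
    "192.168.1.20",      # LAN host, IPv4
    "2001:db8:1:2::20",  # LAN host, IPv6 on the same /64
    "203.0.113.9",       # Internet host, IPv4 (inbound normally stopped at the NAT)
    "2001:db8:ffff::9",  # Internet host, IPv6: routed straight to the workstation
]


class Zone:
    """Hypothetical zone: a name plus an optional scope of allowed source prefixes."""

    def __init__(self, name, scope=None):
        self.name = name
        # scope=None models a zone with no scope: every source is accepted.
        self.scope = None if scope is None else [ipaddress.ip_network(p) for p in scope]

    def allows(self, source):
        addr = ipaddress.ip_address(source)
        if self.scope is None:
            return True
        # An IPv4 address is never "in" an IPv6 network (and vice versa),
        # so one mixed prefix list covers both address families.
        return any(addr in net for net in self.scope)


def exposure(zone, sources):
    """Return the sources whose connections the zone would accept."""
    return [s for s in sources if zone.allows(s)]


unscoped_home = Zone("Home")
scoped_home = Zone("Home", scope=HOME_ONLINK)

if __name__ == "__main__":
    print("unscoped Home accepts:", exposure(unscoped_home, PEERS))
    print("scoped Home accepts:  ", exposure(scoped_home, PEERS))
```

The unscoped zone trusts the off-link IPv6 peer exactly as it trusts the LAN hosts; the scoped zone keeps the same "Home" label but admits only on-link sources.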
