F21 System Wide Change: Workstation: Disable firewall

Alec Leamas leamas.alec at gmail.com
Wed Apr 16 07:56:18 UTC 2014

On 4/15/14, Michael Catanzaro <mcatanzaro at gnome.org> wrote:
> On Tue, 2014-04-15 at 20:31 +0200, Alec Leamas wrote:
>> Anyway, I get the feeling that the hunt for the "really proper" fix is
>> not that fruitful here. OTOH, if you limit the goals to fulfill the
>> basic statement to not let the default configuration of firewalld
>> block the functionality of the default Workstation applications it
>> should certainly be doable without writing a new firewall. Not the
>> most elegant, ultimate solution, but something which solves the
>> problem at hand.
> Yes, that's definitely the goal here. The Workstation technical spec
> does not say "no firewall," it just says "the firewall must not break
> default applications." That seems like a reasonable place to draw the
> line between security and usability.
With the addendum that this can really only be done in a sane way if
the network environment is trusted. Sharing music is not a sensible
default on an untrusted network. The user is the only one who knows
if the current location is trusted.

Seems that most things could be done using zones. But the GUI needs an
overhaul to give the user a better way to select a zone. I like the idea
of a simple "Trusted network [Yes/No]" type of choice, it should be
enough for the Workstation scenarios (?).

A thing here: once upon a time I read something about normal user
operation requiring the root password should be considered a bug. If this
is still applicable (IMHO, it should be) there are some challenges in
the laptop use case, where the user effectively configures the firewall
when connecting to a wifi network, marking it as trusted or not.


