F21 System Wide Change: Workstation: Disable firewall

drago01 drago01 at gmail.com
Sun Apr 20 20:44:39 UTC 2014


On Sun, Apr 20, 2014 at 10:15 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
> On 20.04.2014 20:19, drago01 wrote:
>> On Sun, Apr 20, 2014 at 6:53 PM, Kevin Kofler <kevin.kofler at chello.at> wrote:
>>> Christian Schaller wrote:
>>>> where we at the same time need to allow each user to have any port they
>>>> desire opened for traffic to make sure things like DLNA or Chromecast
>>>> works.
>>>
>>> Such things MUST NOT be enabled by default.
>>
>> No one suggested that. Currently the user enables them and they do not
>> work until after he/she disables the firewall
>
> wrong - until he *configures* the firewall

If that knowledge is present sure. If it isn't then either "this shit
does not work" or the user will somehow find out that it is caused by
the firewall and try to disable it.

> to open the needed ports
> if that can't be half-automated with confirmation in any case
>
> even open the ports full automated should be strongly prohibited

The user did choose to share data ... configuring the firewall to allow
it automatically should not be "strongly prohibited" because the user
has chosen to share the data.
Showing him information that the data would be shared to everyone on
this network is fine but as soon as you go into implementation details
and talk about ports you lost the user and he/she will just click
"yes/ok/continue" ...

> because taking away the user's control is *not* why Linux as
> a project was started

Again strawman .. it's not about taking control from the user (you
still can control the firewall settings), but let the computer do work
in an automated way for the user, i.e. "why computers have been created".

> I doubt that *any* software on this planet needs the firewall to be
> completely disabled and if such crap was written because using random
> ports for no good reason it has no existence authority

No it does indeed not *need* to be completely disabled but apps should
not open random ports without any reason to begin with
(we should not ship those and we have a rule to not enable network
facing services by default despite the firewall).

