an that is why we need a firewall -> Re: When a yum update sets up an MTA ...
Miloslav Trmač
mitr at volny.cz
Mon Apr 28 17:04:00 UTC 2014
2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
> Am 28.04.2014 18:52, schrieb Miloslav Trmač:
> > No no no no no. If you want a firewall "integrated" /that/ way, you are
> really
> > better of uninstalling it or opening it up; it serves no purpose.
>
> no, even if that way is completly wrong it's better than no firewall
> as i have explained multiple times there may run software not from
> the Fedora repos which opens ports unintentionally from the users
> point of view and especially a user with no network expierience
> will not realize that - and yes that software matters because
> we are talking about a *operating system*
>
Well if the users' expectations were that the firewall doesn't "interfere"
with Fedora applications, why would they expect it to "interfere" with
non-Fedora applications?
the next thing is when it comes to malware opening ports
> there are two types of malware:
>
> * privilege escalation (you have lost)
> * crap try to open a unprivileged port with user permissions
>
The second case is a subset of the first one anyway :)
And doesn't every malware know to make an _outgoing_ connection to an IRC
server nowadays? Stopping malware by blocking incoming connections is
fairly illusory IMHO.
Mire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140428/338273d1/attachment.html>
More information about the devel
mailing list