an that is why we need a firewall -> Re: When a yum update sets up an MTA ...
mitr at volny.cz
Mon Apr 28 17:04:00 UTC 2014
2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
> Am 28.04.2014 18:52, schrieb Miloslav Trmač:
> > No no no no no. If you want a firewall "integrated" /that/ way, you are
> > better of uninstalling it or opening it up; it serves no purpose.
> no, even if that way is completly wrong it's better than no firewall
> as i have explained multiple times there may run software not from
> the Fedora repos which opens ports unintentionally from the users
> point of view and especially a user with no network expierience
> will not realize that - and yes that software matters because
> we are talking about a *operating system*
Well if the users' expectations were that the firewall doesn't "interfere"
with Fedora applications, why would they expect it to "interfere" with
the next thing is when it comes to malware opening ports
> there are two types of malware:
> * privilege escalation (you have lost)
> * crap try to open a unprivileged port with user permissions
The second case is a subset of the first one anyway :)
And doesn't every malware know to make an _outgoing_ connection to an IRC
server nowadays? Stopping malware by blocking incoming connections is
fairly illusory IMHO.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel