an that is why we need a firewall -> Re: When a yum update sets up an MTA ...
mitr at volny.cz
Mon Apr 28 17:27:34 UTC 2014
2014-04-28 19:13 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
> Am 28.04.2014 19:04, schrieb Miloslav Trmač:
> > 2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl at thelounge.net<mailto:
> h.reindl at thelounge.net>>:
> > Am 28.04.2014 18:52, schrieb Miloslav Trmač:
> > > No no no no no. If you want a firewall "integrated" /that/ way,
> you are really
> > > better of uninstalling it or opening it up; it serves no purpose.
> > no, even if that way is completly wrong it's better than no firewall
> > as i have explained multiple times there may run software not from
> > the Fedora repos which opens ports unintentionally from the users
> > point of view and especially a user with no network expierience
> > will not realize that - and yes that software matters because
> > we are talking about a *operating system*
> > Well if the users' expectations were that the firewall doesn't
> "interfere" with Fedora applications, why would they
> > expect it to "interfere" with non-Fedora applications?
> do i really need to explain that?
> you can make signed fedora packages trusted and allow them
> at install or first start to interact with firewalld
I can't; ptrace() doesn't make such a distinction.
> And doesn't every malware know to make an _outgoing_ connection to an IRC
> server nowadays?
> > Stopping malware by blocking incoming connections is fairly illusory IMHO
> i find it pervert that such basics need to be discussed
> * you can't reahc 100% security, never, in no way
Still, the combined measures need to mitigate at least, say, 75% of cases,
otherwise we're not really having enough impact.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel