"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Tue Dec 9 13:30:45 UTC 2014

> On 09.12.2014 at 14:16, Bastien Nocera wrote:
> >> On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote:
> >>> Why we can't have something like this?  And if you don't want a popup
> >>> asking, have something in the NetworkManager applet menu, where people
> >>> can easily find the switch without having to search for it?  A "[x]
> >>> allow sharing" checkbox?  A firewall zone selector?
> >>
> >> We can — we just need someone to design and write it.
> >
> > A design for something that we don't want to implement.
> and that is the point - you do not want and care because you seem to
> think users are too stupid to make their own decisions

I never used the word "stupid" and I don't equate not knowing about IP ports
and firewalls to stupidity.

> - you know what
> Linus said to that in direction of GNOME?
> > This was one of the
> > options when implementing the feature, one that we didn't pursue. We chose
> > instead to use "user intent" as a way to do this.
> >
> > If you start sharing something on a network, then we consider it safe to
> > share.
> the problem is that you don't know *who* or *what* opened the port

And with the current scheme, I don't need to know either.

> > If you connect to a public unencrypted Wi-Fi, you won't have the option to.
> > If you connect to an encrypted Wi-Fi where sharing your holiday photos isn't
> > acceptable then it won't, because you didn't ask it to in the first place
> besides suspend / move machine

If you suspend or disconnect from the network, sharing is disabled. If you
connect to another network, sharing is disabled (unless it was previously
enabled, by the user). It's also possible to disable sharing for networks you're
not connected to.

> a sane firewall design (sadly Windows has that in the meantime) is that
> if I open a port in my home network, suspend the machine and wake it up
> in a foreign network ports are closed until I decide to open them there
> too, but Fedora goes the easy way "who cares how and why as long things
> appear to work"
> *who* told you that people don't share things *unintentionally* by a wrong
> click which is *not* a problem until you decide to open ports

Making people click twice isn't a security feature. If the user intended on Sharing
something, which is likely if you need to go to the Sharing settings to do so,
why do you try to second guess him/her by having a 2nd level of question, completely
disconnected from the original request?

I could add an "are you sure you want to share this" dialogue, which would have the
same amount of security as your solution...

