"Workstation" Product defaults to wide-open firewall

Robert Marcano robert at marcanoonline.com
Tue Dec 9 19:16:43 UTC 2014


On 12/09/2014 02:19 PM, Reindl Harald wrote:
>
> Am 09.12.2014 um 19:45 schrieb Bastien Nocera:
>>> Richard Hughes wrote:
>>>> So do I! I'm a developer, which spin do I use so that the firewall
>>>> doesn't get in my way? We can't develop a *product* based around what
>>>> you specifically want, not me, nor anyone else on this list.
>>>
>>> If you're a developer, surely you know what a port is and can make a few
>>> clicks in firewall-config or system-config-firewall to open it! A
>>> "developer" who can't even figure that out is a HORRIBLE developer!
>>
>> Still waiting for that answer about the rygel use case. You'll see how
>> much of a HORRIBLE setup this can be...
>
> wrong question
>
> if there is a software which changes it's listening port randomly than
> fix that broken by design software instead ruin the firewall
>
> there is *no single* technical reason to chose a random port

I don't like the new default but I say that there are reasons for that. 
Example: two simultaneous users on differente sessions want to share 
music. The solution, define a port range for the default rygel 
installation, and the firewall UI should know the ranges Rygel uses.


>
> frankly FTP is also that broken by design but at least it has ALG /
> helpers to make it useable, design a service past 2010 the same way is
> broken by design
>
> so you can fix that crap or design something like "nf_nat_ftp" or
> "nf_conntrack_ftp" for it
>
>
>



More information about the devel mailing list