"Workstation" Product defaults to wide-open firewall

Chuck Anderson cra at WPI.EDU
Tue Dec 9 19:37:50 UTC 2014


On Tue, Dec 09, 2014 at 12:09:23PM -0700, Pete Travis wrote:
> On Dec 9, 2014 12:06 PM, "Chuck Anderson" <cra at wpi.edu> wrote:
> >
> > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote:
> > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" <cra at wpi.edu> wrote:
> > > I should have said "ask firewalld for a port to be opened" - sorry, I
> > > thought that would come from the context.
> > >
> > > Are you saying bind() should be talking to firewalld, via some approval
> > > agent?  how do we make that happen?
> >
> > My point was that a firewall is superfluous if a program can just ask
> > firewalld to poke a hole in the firewall for it automatically, because
> > a program can already ask the system to open a listening port for it
> > using bind(2) (and listen(2) and accept(2)) when no firewall is
> > present.
> >
> > It means that in a world where automatic-hole-punching exists, the
> > only use of a firewall on the host is maybe to limit the SCOPE of such
> > communication, not whether such communication is allowed at all or
> > not.  This is where firewall zones come in.
> 
> Okay, one more thing on the ideal requirements list:  firewalld must not
> blindly approve all requests, there must be some approval mechanism.  What
> would that look like?

You either have a pre-approved policy of what is allowed and what is
not similar to how SELinux policy, PolicyKit rules, and the existing
firewall rule mechanisms work, you ask the user on each request,
similar to how some Windows firewalls work, or you ask the user when
they connect to a network which "zone" to associate that network with,
and use a pre-approved policy for each zone.  Zones can be "Home",
"Public", "Work", etc.  Windows does this as well.
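
The first of the three options above, a pre-approved policy per zone with an optional per-request fallback prompt and a zone chosen when the host joins a network, is shown below as a small toy approval agent. This is an added example, not firewalld's code or its D-Bus API; the class names, the three sample zones, and the network names are assumptions constructed for illustration.

```python
# Added example: a toy "approval agent" modelling the zone-based, pre-approved
# policy option discussed above.  This is NOT firewalld code; every name here
# (PortRequest, ZonePolicy, ApprovalAgent, the sample zones and networks) is an
# assumption made for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Rule = Tuple[str, str, int]  # (application, protocol, port) that is pre-approved


@dataclass(frozen=True)
class PortRequest:
    """A program asking for an inbound port to be reachable from the network."""
    app: str    # requesting program, e.g. "sshd"
    proto: str  # "tcp" or "udp"
    port: int


@dataclass(frozen=True)
class ZonePolicy:
    """Pre-approved rules for one zone, plus whether an unlisted request may
    fall back to asking the user (the per-request prompt some Windows
    firewalls use).  A zone with prompt_user=False refuses silently."""
    allowed: FrozenSet[Rule]
    prompt_user: bool


class ApprovalAgent:
    def __init__(self, zones: Dict[str, ZonePolicy],
                 ask_user: Callable[[str, PortRequest], bool],
                 default_zone: str = "public") -> None:
        self.zones = zones
        self.ask_user = ask_user
        self.default_zone = default_zone          # most restrictive zone
        self.network_zone: Dict[str, str] = {}    # network id -> zone name

    def on_connect(self, network: str, chosen_zone: Optional[str] = None) -> str:
        """Called when the host joins a network.  The first time, the user is
        asked which zone the network belongs to; later connections reuse that
        answer.  No answer, or an unknown zone name, maps to the default."""
        if network not in self.network_zone:
            zone = chosen_zone if chosen_zone in self.zones else self.default_zone
            self.network_zone[network] = zone
        return self.network_zone[network]

    def decide(self, network: str, req: PortRequest) -> bool:
        """Apply the zone's pre-approved policy; prompt only where the zone
        permits it.  Networks never seen before are treated as the default."""
        zone = self.network_zone.get(network, self.default_zone)
        policy = self.zones[zone]
        if (req.app, req.proto, req.port) in policy.allowed:
            return True
        if policy.prompt_user:
            return self.ask_user(zone, req)
        return False


# Constructed sample policy: "home" and "work" pre-approve a few services and
# may prompt; "public" approves nothing and never prompts.
ZONES: Dict[str, ZonePolicy] = {
    "home": ZonePolicy(frozenset({("sshd", "tcp", 22),
                                  ("avahi-daemon", "udp", 5353)}), prompt_user=True),
    "work": ZonePolicy(frozenset({("sshd", "tcp", 22)}), prompt_user=True),
    "public": ZonePolicy(frozenset(), prompt_user=False),
}


def demo() -> Tuple[Dict[str, bool], int]:
    """Run constructed requests through the agent; returns the decisions and
    how many times the user was actually prompted."""
    prompts: List[Tuple[str, PortRequest]] = []

    def ask_user(zone: str, req: PortRequest) -> bool:
        prompts.append((zone, req))
        return req.app == "sshd"   # constructed user: only ever says yes to sshd

    agent = ApprovalAgent(ZONES, ask_user)
    agent.on_connect("HomeWifi", "home")   # user assigned this network to "home"
    agent.on_connect("CafeWifi")           # user gave no answer -> "public"
    results = {
        "home-ssh": agent.decide("HomeWifi", PortRequest("sshd", "tcp", 22)),
        "home-mdns": agent.decide("HomeWifi", PortRequest("avahi-daemon", "udp", 5353)),
        "home-unlisted": agent.decide("HomeWifi", PortRequest("game", "udp", 27015)),
        "cafe-ssh": agent.decide("CafeWifi", PortRequest("sshd", "tcp", 22)),
        "cafe-mdns": agent.decide("CafeWifi", PortRequest("avahi-daemon", "udp", 5353)),
    }
    return results, len(prompts)


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the scope argument from the thread: the same sshd request is approved on the home network and refused on the cafe network without any prompt, and the only request that reaches the user is an unlisted one on a zone that permits prompting. A policy whose every zone pre-approved everything (or always prompted a user who always clicks yes) would collapse back to plain bind(2) with no firewall at all.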
