"Workstation" Product defaults to wide-open firewall

Robert Marcano robert at marcanoonline.com
Tue Dec 9 20:40:13 UTC 2014

On 12/09/2014 04:04 PM, Chuck Anderson wrote:
> On Tue, Dec 09, 2014 at 01:25:47PM -0700, Pete Travis wrote:
>> On Dec 9, 2014 12:55 PM, "Reindl Harald" <h.reindl at thelounge.net> wrote:
>>> On 09.12.2014 at 20:51, Pete Travis wrote:
>>>> Hmm... a whitelist of things that are allowed to ask for firewall
>>>> accommodation doesn't help me develop new applications at all.  And
>>>> you're jumping to a really high level UI thing and just sort of hand
>>>> waving over the mechanism needed to make it all work.  Assigning
>>>> different networks to zones is a different problem compared to a program
>>>> asking for a port.
>>> Don't get me wrong, but if it is too much to ask for you to open a
>>> firewall port, I don't want to have your network-aware new application
>>> on my machines or any machine working in networks I am responsible for.
>>> A prerequisite for developing network applications is an understanding
>>> of network basics, and if your application doesn't use networking you
>>> are not affected.
>>> --
>> Let's say I do have an understanding of network basics, just for the sake of
>> argument.  I share my application with you.  The application is intended to
>> listen on the network, you know this and want the application for that
>> purpose.  You run the application, it tries to listen to a network port.
>> Magick, prayers, and the ghost of Charles Babbage - or maybe some
>> hypothetical dbus service - does *something* to find out if you really
>> wanted that.  You did.  Neither one of us is made incompetent by the
>> convenience.
>> Here's the thing: firewalld will let this happen.  There is a dbus
>> interface.  Thomas has proven more than willing to accommodate RFEs. Nobody
>> is asking for changes that would solve the problem of frustrated users or
>> developers encountering firewall restrictions.  The GNOME folks don't want
>> the UX compromise of rote-clicked dialogs.  Nobody else is suggesting an
>> alternative implementation that actually *improves* the Fedora experience.
>> Ideas get more traction than complaints.
> Gnome doesn't want a dialog.  What other choice is there then besides
> 1) remove firewall?  Because any other choice is basically a convoluted
> equivalent to #1.

When a user opens the GNOME Share panel, detect running applications that
have a .desktop file and non-localhost open ports, list them there,
check if ports are open, and let the user decide to open those ports
that applications have actually listed there. No dialogs, using the same
existing panel.

Much the same way the notifications panel shows actual applications, an
option to open to all user session applications could be there that
changes the default firewalld zone.

Just some ideas
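
Added example, not part of the original message and not GNOME or firewalld code: one way the detection step proposed above could work, by listing TCP listeners not bound to localhost and checking each port against the zone's open ports. It assumes `/proc/net/tcp` on a little-endian host and the space-separated output of `firewall-cmd --list-ports`; both samples are constructed, the function names are hypothetical, and mapping a socket to its .desktop file is not covered.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp format: a loopback listener (631),
# two wildcard listeners (8080, 8000) and one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15001
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15002
   2: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15003
   3: 0A00A8C0:C350 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 15004
"""

# Constructed sample in the format printed by `firewall-cmd --list-ports`.
SAMPLE_OPEN_PORTS = "8000/tcp 5353/udp"

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp


def non_local_listeners(proc_net_tcp):
    """Return [(ip, port, uid)] for LISTEN sockets not bound to loopback."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a host-order u32 printed as hex (little-endian assumed).
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        if not ip.is_loopback:
            found.append((str(ip), int(hex_port, 16), int(fields[7])))
    return found


def firewall_status(listeners, list_ports_output):
    """Pair each listener with whether its port/tcp is open in the zone."""
    opened = set(list_ports_output.split())
    return [(ip, port, f"{port}/tcp" in opened) for ip, port, _uid in listeners]


if __name__ == "__main__":
    for ip, port, is_open in firewall_status(
        non_local_listeners(SAMPLE_PROC_NET_TCP), SAMPLE_OPEN_PORTS
    ):
        print(f"{ip}:{port} firewall {'open' if is_open else 'closed'}")
```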

