"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Wed Dec 10 00:43:59 UTC 2014



----- Original Message -----
> On 9 December 2014 at 13:47, Matthew Miller <mattdm at fedoraproject.org> wrote:
> > On Tue, Dec 09, 2014 at 01:11:33PM +0000, Ian Malone wrote:
> >> > have a proposal for a new spin focused on privacy and security — the
> >> > Netizen Spin. (If you're interested, I think that could use additional
> >> > contributors.)
> >> I was under the impression spins were to be phased out. I could be
> >> wrong, the discussion was about the time of the product proposal.
> >
> > That's wrong; the clear outcome of that discussion was that we want to
> > keep them, and provide more flexibility and opportunity for spins
> > maintainers as well.
> >
> 
> Well that's some good news to come out of this at least.
> 
> > Everyone knows that there are improvements to be made, but it's _not_
> > an easy problem. Contributions are welcome towards making that better
> > for F22 and beyond. (Use cases. Design mockups. Code....)
> >
> 
> Rather time poor at the moment and not a gnome developer
> unfortunately. Does rather sound like things like rygel need fixed,
> but as I have no intention of ever using it I'm not highly motivated
> to do something about it.

Just like Reindl you make the mistake of thinking that rygel needs to be fixed
or that it's the only service impacted by this scheme. It's not, and it was
pointed out in earlier mails.

The full explanation of the final designs is here:
http://www.hadess.net/2014/06/firewalls-and-per-network-sharing.html

The plan of implementation for Fedora was posted here:
http://article.gmane.org/gmane.linux.redhat.fedora.desktop/9883/

And the list of default services with an explanation of which ports are
used is here:
https://docs.google.com/spreadsheets/d/103SAK-7ch5wpGiCP3KF9CYlIhLQFTy9SSvBvBziWBZc/edit?usp=sharing

For example, RTSP streaming, Rhythmbox remote control for iOS, music sharing via DAAP,
DLNA sharing via rygel, but also DLNA client usage (through Videos), and VNC are impacted.
This is a non-exhaustive list for the default applications in the Workstation version.

Removing rygel won't fix all the other use cases. In fact, it will cripple the default
installation with fewer features, and won't help the other features work. A lose-lose situation.

Cheers

