5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break

Mattia Verga mattia.verga at tiscali.it
Sat Dec 20 16:51:18 UTC 2014


On 17/12/2014 20:38, Matthew Miller wrote:
> This is clearly not the most friendly approach; it’s my understanding
> that the desktop designers, network tools team, and security team are
> going to work together to develop a better overall solution for Fedora
> 22 and beyond.
>
>
Maybe I put it too simply, but instead of opening all high ports by
default, what about having firewall rules declared in RPMs for packages
that need to have ports opened? I mean, creating a script in the %post
section of the specfile where the packager can tell firewalld to open up
one or more ports. I know it's not perfect, because this solution covers
only packages that come from official repositories, but this can be a
start.

The alternative could be an "open approach" from firewalld, where an
application, when it's executed, can inform firewalld that it needs to open
a port, firewalld asks the user if it should grant access to the
application and then opens the port... but this needs to be implemented
in the source of every application; it can eventually be sponsored to
become a standard in the Linux world.

