5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break

Reindl Harald h.reindl at thelounge.net
Sat Dec 20 21:24:22 UTC 2014


Am 20.12.2014 um 22:19 schrieb Michael Catanzaro:
> On Sat, 2014-12-20 at 17:51 +0100, Mattia Verga wrote:
>> Maybe I put it too simple, but instead of opening all high ports by
>> default what about having firewall rules declared in RPMs for
>> packages
>> that need to have ports opened?
>
> Because we need to support applications that use random ports

first: you should not quote only parts and stop reading prematurely

what about first trying to fix those applications instead of burying the default 
firewall to make them happy - since networking is my daily job i see no 
single reason to design a *server* to listen on random ports and there 
is really no single reason to make security decisions based on *one* 
desktop and its shipped applications
______________________________________

you completely ignored the following paragraph, my guess is because "ask 
the user" is considered harmful by GNOME upstream

The alternative could be an "open approach" from Firewalld, where an 
application, when it's executed, can inform firewalld that it needs to open 
a port, firewalld asks the user if it should grant access to the 
application and then opens the port... but this needs to be implemented 
in the source of every application, it can eventually be sponsored to 
become a standard in the Linux world.
