F19 Firewall

Kurt Seifried kseifried at redhat.com
Tue Sep 24 18:11:36 UTC 2013



Some random thoughts:

1) It would be nice to have capabilities like "do you want to let
program X talk to the internet/receive connections" for client
software with a GUI notification (like basically all the Windows
client/Mac OS X client firewall stuff). I would say this is probably
the biggest capability needed for normal end users.

2) Tying the firewall into network detection, e.g. Windows' "is this
your home/business/public network" and then remembering it (I assume
IP/MAC address of default gateway would be a reasonably good way to
identify networks).

3) Make it easy to modify policy, e.g. in section 1) if you choose to
block/deny something and realize that was the wrong decision, how do
you go in and modify it? In Windows this is a PITA for normal users.

Overall I'm not really sure firewalld solves much; anyone running a
server will probably be able to tweak iptables to allow incoming
services they want. So do we aim it at the end user/workstation style
usage primarily (especially ones that move around networks)?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993