-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Some random thoughts: 1) it would be nice to have capabilities like "do you want to let program X talk to the internet/receive connections" for client software with a GUI notification (like basically all the windows client/Mac OS X client firewall stuff). I would say this is probably the biggest capability needed for normal end users. 2) Tying firewall into networking detection, e.g. windows "is this your home/business/public network" and then remembering it (I assume IP/Mac address of default gateway would be a reasonably good way to identify networks). 3) Make it easy to modify policy, e.g. in section 1) if you choose to block/deny something and realize that was the wrong decision how do you go in an modify it? In Windows this is a PITA for normal users. Overall I'm not really sure firewalld solves much, anyone running a server will probably be able to tweak iptables to allow incoming services they want. So do we aim it at the end user/workstation style usage primarily (especially ones that move around networks)? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSQdXYAAoJEBYNRVNeJnmTC6wQAIW3HNlAqfSkMSZqbFG6kbj/ GOlnzjJOrUzt/LWwOGPCTmg/GgSOHrT4t1gT1577sL2LM5wPGCF/oll84RehiZd8 PXNiyq3QnsOJFLjmEbm1YfGpDGae5+uR4IR3Bm1MVHBjvquhlqaje0b1yI2gs8Do LY9sXeGmYh+YjKIUDJrOCCS/I/xE8Zl4D+aU/s1BumV9LxwsOURTzXv5x32C8zwS 5MH5rvX9LO5vJn0VMByRsoXrCSybyLnRmsDvAH9yYx+WjforKsU4wq2QVLYDtjU/ 0TO/n7qP1WO7doixYLymxwm+Fnk8J7HGa2t/2of2ZvX2AB3eRLmzj+tKzKohZR4H jxCLImHLx/puPr6VA/4ENSrHltCCbTSDvlZGxTHAeHwszmQzYMXZ8Qv/leRf4ThO E3wvuoIpgUWSEbE8RjVmXjX/Cd1GYz6ns35ydy2kZgHr4AfQifF+hdWHPP63/hrJ C21iZylvIMJKF2cWOXwR4X+Zr9tDthf+UDeEE3J/uQAfj3LDvjdHXqd0xcgOSrae nP0hPHj0apZrzY0zJfcn3JNipRDDl3qNgs8Q8tFAut5WvubCdLlVFXvLWMs6mOA2 6TmN4ZzEh0zfeGLq+LZ1kAY0ZsIds9ziyKsxAPGlTQz3Ax9rjb40BOwClHc4wbOF 6DzOg7WN87fRSO/wCTy3 =dDnL -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
