On Mon, 2008-10-27 at 19:21 +0000, Rui Tiago Cação Matos wrote: > 2008/10/27 seth vidal <skvidal@xxxxxxxxxxxxxxxxx>: > >> Just disable the firewall (service iptables stop)? That's what I do > >> anyway. IMNSHO, these days the firewall is a relic from the 1990's era. > >> It breaks at least mDNS (e.g. .local name resolution), gnome-user-share, > >> banshee/rhythmbox etc. music sharing. I also think we should also > >> disable the firewall for the desktop spin. > >> > > > > That's outrageously dangerous. > > Please tell us why then. I also disable the firewall services since I > don't have any TCP servers listening to the outside world. We have a number of applications that end of listening on random ports. At which point the system is vulnerable (or sometimes just the user) is vulnerable to whatever those daemons are vulnerable to. If the firewall is on and setup to deny all, allow few then we're markedly safer for the odd port-listening daemons. If the process needs to be able to listen on an external port then that needs to be enabled separately. You don't just turn off all the rules as a solution. -sv -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
