On Mon, 2008-10-27 at 21:49 +0100, Lennart Poettering wrote: > > Disabling firewalls on individual systems be they desktops or servers is > > a BAD idea. Full stop. > > That is nonsense. > > Firewalls on a desktop make no sense, and David is right is that it is > a relic and not much more. It's paranoia at best to keep this > installed by default. I don't know what kind of desktops you're referring to but desktops are the soft-squishy inside that gets large corporate networks in deep trouble when there is an border fw breach. This is why it is important to have a multi-layered security policy/infrastructure. 1. border fw 2. host-based fw - including desktops 3. deny-all policies at the system level 4. well-audited apps that are runnable 5. restrictive policies on what can be run at all. If you want to argue that enhancing the firewall technology that we are currently using to allow a more nuanced user-interaction other than 'on' or 'off' that's fine by me - but relying on selinux to solve all network-border issues seems like the wrong tool for the job. -sv -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
