>> > Hi, >> > I ended up calling the firewalld maintainer to understand the state of things >> > and there is this concept in firewalld called zones that we should be able to >> > use to create a better user experience, yet at the same time keep the >> > firewall >> > working when people connect with their laptop at an internet cafe for >> > instance. >> >> Right. But firewalld can't a Fedora-only solution, otherwise no application developer >> will want to integrate with it. >> >> We'd also need designs based around that, and see if firewalld is indeed the right >> technical solution. >> >> Right now, we don't even know whether a firewall is required, or it's just a >> work-around for applications that aren't integrated. > > I fully agree with Bastien here. I don't think a firewall brings any > benefit on th desktop, and particularly not in the implementation of > firewalld. There are better ways to make sure the local system is not > vulnerable, and in its current state firewalld just creates problems and > slows down the boot immensly (it's the number 1 slowest component on > Fedora, right now.) On a properly configured system basically the average desktop should have little to no services listening and those that are likely are allowed through the firewall anyway so aren't protected by a firewall. Ultimately though we should likely offer a means to detect when on a public or private network and bring up the firewall on the former to protect the user as they're unlikely to want to share their dlna media with most people on a public network. Peter -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
