Re: Removing firewall-config from the default install of Fedora Workstation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Fri, Aug 22, 2014 at 10:44 AM, drago01 <drago01@xxxxxxxxx> wrote:
> On Fri, Aug 22, 2014 at 4:33 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote:
>> On Fri, Aug 22, 2014 at 10:12 AM, Michael Catanzaro
>> <mcatanzaro@xxxxxxxxx> wrote:
>>>> I would personally strongly recommend to keep the firewall
>>>> configuration
>>>> utility in Fedora Workstation to allow server application developers
>>>> and
>>>> also others to have an easy way to configure their firewall settings
>>>> according to their needs.
>>>
>>> I don't think firewall-config is even remotely close to an easy way to
>>> configure firewall settings. It's obviously a tool intended for advanced
>>> users only, which is why we suggest removing it -- we're trying really
>>> hard to get rid of anything that requires technical expertise to use.
>>> But it's possible that we may want to make an exception for
>>> firewall-config.
>>>
>>> I'm not sure how to make firewall configuration easy, and I suspect it
>>> may not be possible, but you'd have to start with removing all mention
>>> of ports ("my computer only has six ports!") and services ("why is http
>>> not checked, that must by why my Internet is broken") ("AMANDA! What is
>>> this amanda-client you're running on my network!"). I guess an easy
>>> firewall configuration tool would be a list of applications with an on
>>> or off switch to configure whether that application should be allowed to
>>> access the network. That's the sort of firewall configuration I would be
>>> more enthusiastic to install by default, but that would not be useful at
>>> all for developers.
>>
>> Slightly orthogonal, but the original discussion wasn't about specific
>> ports/apps but more about what to do when a user switches from one
>> network to another.  firewalld-config has the concept of zones for
>> this, but the UI isn't immediately clear.  I thought someone was
>> looking at making changes in GNOME and/or NetworkManager to prompt for
>> a "security level" etc.  What happened to that work?
>
> https://wiki.gnome.org/ThreePointThirteen/Features/SharingNetworkAwareness

Thanks, that is the feature/bug I was remembering.  So it's in 3.14
already under the Sharing settings.

What is unclear to me is if a dialog pops up when a network change is
detected, or if there is no dialog does it default to off for a new
network?  (Apologies, I don't have a separate network to test at the
moment).

josh
-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop
[Index of Archives]     [Fedora Users]     [Fedora KDE]     [Fedora Announce]     [Fedora Docs]     [Fedora Config]     [PAM]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux