On Fri, Apr 7, 2017 at 3:03 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> On Fri, Apr 07, 2017 at 10:09:30PM +0200, Lars Seipel wrote:
>> Please no. I find this utterly confusing. What is the difference between
>> a "trusted home" and a "trusted work" network? Why does it even matter
>> if "all the computers on this network" are at my home or my workplace?
>
> Huh. I find the resistance to this to be the confusing thing. Do you
> really not know, or are you imagining that a user might not know?

At this point, I think all networks are untrusted. My own network is
only very marginally more trusted. The distinction between work and
home networks - meaningless. I do a lot of consulting and some of
those networks are heavily filtered with firewalls, and other work
environments are probably more infected inside the organization than
the internet itself. So "work" to me is like a sewage system, I just
have no idea how much it's being used or flushed.

> I very,
> very much want to have a restrictive package filter running at all
> times when I'm on a foreign network, and allow a more open firewall on
> my own. I know how to configure that, but that's because *I* took a
> deep dive into the documentation. If I had the option of making this
> choice when connecting to the network for the first time, I'd
> absolutely understand it and know exactly what I wanted.

It's a bit off topic, but...

Originally with the firewalld feature change, we were supposed to get
a GUI configuration tool, in fact the GUI tool was considered the
primary configuration tool, not CLI. But Workstation WG canned that
idea because they hated the UI, and said something else was needed
instead, but nothing has appeared. So I think that needs to be
re-evaluated as a default.

macOS has a firewall, it's off by default. But they also sandbox
pretty much everything these days. When enabling the firewall, it gets
pretty restrictive, and is made less restrictive by adding
applications to it. And it dynamically figures out what resources that
app wants and basically permits it. It's a brain dead simple UI.

--
Chris Murphy