On Sun, 14 Jun 2009 20:08:31 +0200 Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > Gah. Allowing packages to pierce the firewall just makes the firewall > redundant. > > I still think that the current firewall situation on Fedora is pretty > much broken. It's a bit like SELinux: it's one of the first features > most people disable. I don't see that. Perhaps people don't mention it much, but I very seldom hear from people on #fedora or the forums that they disabled the firewall. (Where I still do hear people say they disabled selinux). > Fedora is the only big distro that enables a firewall by default and from a quick look (feel free to correct me here): debian: no firewall by default ubuntu: default since hardy (ufw) suse: default (SUSEFirewall2) mandriva: default > thus creates a lot of trouble for many users. I think I mentioned that > before, and I can only repeat it here: we should not ship a firewall > enabled by default, like we currently do. If an application cannot be > trusted then it should not be allowed to listen on a port by default > in the first place. A firewall is an extra layer of security that > simply hides the actual problem. I agree somewhat. Some services should not listen by default until they are configured. I don't think disabling the firewall matters tho, those need to be fixed in any case. > Now, it's my impression that some people who control the packages in > question and believe in all this security theater more than I do, seem > to be unwilling to loosen the default firewall. So as a bit of a > compromise here's what I suggest: > > Add a very simple per-interface firewall profile system to > NetworkManager. Something that is easily reachable from the NM > applet. Something with just two simple profiles by default: one that > allows everything for use in trusted networks, and one that just > allows DNS, HTTP, VPN for use in untrusted networks (i.e. airport > APs). Admins could then add more profiles if they feel the need for > it. And one could bind those profiles to specific networks, so that > people would just have to configure them once. Of course, as > mentioned, these firewall profiles need to be per-interface so that a > vpn interface can be trusted, while the underlying WLAN iface doesn't > have to be trusted. Somewhat agreed, but they should use a more general setup like a iptables.d and config files, they should NOT be internal to NetworkManager or perhaps even managed by it (it could call system-config-firewall or something). > Lennart kevin
Attachment:
signature.asc
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
