On Sun, 14 Jun 2009, Lennart Poettering wrote:

> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.

False. Most people leave SELinux enabled, according to the smolt stats
which have been collecting since the F8 era.

> Fedora is the only big distro that enables a firewall by default and
> thus creates a lot of trouble for many users. I think I mentioned that
> before, and I can only repeat it here: we should not ship a firewall
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.

The problem is that you never really know how trustworthy an application
is. All software has bugs, and some of those will be exploitable.

A significant purpose of firewalling and tighter security policy (e.g.
SELinux MAC) is to help reduce the impact of bugs (and misconfiguration)
when they occur.

- James
--
James Morris
<jmorris@xxxxxxxxx>

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list