Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: [...] > Gah. Allowing packages to pierce the firewall just makes the firewall > redundant. Not entirely. > I still think that the current firewall situation on Fedora is pretty > much broken. It's a bit like SELinux: it's one of the first features > most people disable. Strange... I've rarely had any reason to futz around with the firewall here. Neither with SELinux, at least for a long while now. > Fedora is the only big distro that enables a firewall by default and > thus creates a lot of trouble for many users. I think I mentioned that > before, and I can only repeat it here: we should not ship a firewall > enabled by default, like we currently do. If an application cannot be > trusted then it should not be allowed to listen on a port by default > in the first place. A firewall is an extra layer of security that > simply hides the actual problem. True. But "another layer of security" /is/ a good idea, most of the time. -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 2654431 Universidad Tecnica Federico Santa Maria +56 32 2654239 Casilla 110-V, Valparaiso, Chile 2340000 Fax: +56 32 2797513 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
