On Fri, Jul 24, 2009 at 10:34 AM, Colin Walters<walters@xxxxxxxxxx> wrote:
<SNIP>
>
> Backing up a minute, in discussions among the desktop team and other
> people about this, one thing that came up as a specific problem with
> having no firewall at all was the "public WiFi hotspot" case. If for
> example I enable desktop sharing before leaving work, then head to the
> airport, and log on there to WiFi, you really don't want the desktop
> sharing still enabled. Nor likely do you want sshd.
>
> In most of the other cases I can think of though, the firewall is
> either a hindrance (trusted network at home or office), or pointless
> (connected via 3G modem).
>
> Which leads me to think that rather than being based on individual
> ports and time, we just need a nice way to globally toggle the
> firewall. And that could come down to marking networks as explicitly
> trusted in NetworkManager, say.
<SNIP>

Might we want to look at having "firewall profiles" such that different
sets of rules can be applied based on environment?

Also, is this planned to modify /etc/sysconfig/iptables and just restart
the service or is the plan to take a FireStarter approach and be a
substitute for /etc/sysconfig/iptables?

-Adam

--
http://maxamillion.googlepages.com
---------------------------------------------------------
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments