Re: RFE: FireKit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/24/2009 11:34 AM, Colin Walters wrote:
> Backing up a minute, in discussions among the desktop team and other
> people about this, one thing that came up as a specific problem with
> having no firewall at all was the "public WiFi hotspot" case.  If for
> example I enable desktop sharing before leaving work, then head to the
> airport, and log on there to WiFi, you really don't want the desktop
> sharing still enabled.  Nor likely do you want sshd.
> 
> In most of the other cases I can think of though, the firewall is
> either a hindrance (trusted network at home or office), or pointless
> (connected via 3G modem).
>
> Which leads me to think that rather than being based on individual
> ports and time, we just need a nice way to globally toggle the
> firewall.  And that could come down to marking networks as explicitly
> trusted in NetworkManager, say.

Bah! If the user checks a box saying the network can be trusted then we
should use that as evidence against him. :) Firewalls are "crunchy on
the outside but chewy on the inside". How many of our users have a
not-fully-patched Windows box on their "trusted" home network? (Or even
an active malware infestation.)

And what if you and a friend are at the airport and you want to share a
file? Do you have to mark the airport wifi network trusted?

It seems like it would be better to use selinux here than a firewall.

-- Dan

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux