2010/12/7 Tomas Mraz <tmraz@xxxxxxxxxx>: > On Mon, 2010-12-06 at 20:08 -0600, Chris Adams wrote: >> Once upon a time, Adam Williamson <awilliam@xxxxxxxxxx> said: >> > On most laptops, however, which are the most common types of system sold >> > today, a firewall is very definitely needed when you're connecting to >> > hotel networks, public wifi access points... >> >> The only thing you need a firewall by default for is to prevent services >> that are listening on the network from being accessible. The better >> solution is to stop having services listen on the network by default. >> >> This was done for sendmail many years ago; why hasn't it been done for >> other things, such as rpcbind (and RPC services), cups, etc.? These >> daemons should bind to localhost only unless otherwise configured. > In the cups case might be probably reasonable to default to localhost. > However for rpcbind it is clearly not so - what's the point of starting > things that are mostly needed for NFS when you would be able to mount > only NFS provided by the localhost and export it to the localhost only > as well. In that sense it is debatable whether we want to have rpcbind > ON by default but having it on and bind to localhost only does not make > any sense to me. How many users use NFS on desktop? This is not even used on all servers. So the question is - do we want to have NFS by default? I use samba and I don't want to force all users to install it by default. > -- > Tomas Mraz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > -- Best regards, Michal Sent from my iToaster -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
