Re: About F19 Firewall


 



Hello,

On 09/16/2013 07:55 AM, P J P wrote:
    Hello Tomasz,

----- Original Message -----
From: Tomasz Torcz <tomek@xxxxxxxxxxxxxx>
Subject: Re: About F19 Firewall
   You seem to have missed this Fedora *18* feature:
https://fedoraproject.org/wiki/Features/firewalld-default
   firewall-cmd is supposed to isolate the user from all these chains.


    Yep, true. My contention is not with the tool, but with the complexity it adds to the rules with all the zones and sub-chains and user-space tooling around it.


    -> https://fedoraproject.org/wiki/FirewallD


As I suspected, a zone describes a network one is currently connected to. It could be home, work, public (wifi at a coffee shop) etc. That means one must keep shifting from home to work to home and in between public for coffee-shop. I wonder who's going to do that every day. If they don't they either don't get to use the network services or are not protected enough. Ex. one always has the 'public' zone rules activated.

You do not have to do this. If you are binding your home wifi connection to the home zone, this will be handled automatically for you. NM sends a request to firewalld to add the interface(s) related to a connection into a zone. If the zone is not set, then the default zone will be used. If the zone is set and exists, then this zone will be used.

Everything that is not set differently is part of the default zone.


   That's mDNS, widely used in zeroconf discovery (for example, printers).


    I did not mean why is it used, but who needs it. I think for most users such configurations are fairly static that mDNS & avahi can be disabled after their first usage/discovery. Having a service/port open all the time, when you don't need it, isn't a good thing.

This was not my decision. You can disable it in the zones if you do not want to have it.


---
Regards
    -Prasad
http://feedmug.com


Regards,
Thomas
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
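
The zone-selection rule described in the reply above (a connection's zone if set and existing, otherwise the default zone), together with the mDNS concern, as an added audit sketch that is not part of the thread or of firewalld. It assumes NetworkManager keyfile text with a `zone=` key, firewalld zone XML with `<service name="..."/>` entries, and `DefaultZone=` in firewalld.conf; all sample data and connection names are constructed. A zone that is set but does not exist is reported as unresolved, since the message does not say what happens then.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed sample data (not from the thread): firewalld.conf, zone XML, NM keyfiles.
FIREWALLD_CONF = "DefaultZone=public\n"
ZONES = {
    "public": '<zone><service name="ssh"/><service name="mdns"/></zone>',
    "home": '<zone><service name="ssh"/><service name="mdns"/></zone>',
    "work": '<zone><service name="ssh"/></zone>',
}
CONNECTIONS = {
    "home-wifi": "[connection]\nid=home-wifi\nzone=home\n",
    "coffee-shop": "[connection]\nid=coffee-shop\n",       # no zone set
    "office": "[connection]\nid=office\nzone=work\n",
    "old-vpn": "[connection]\nid=old-vpn\nzone=dmz-legacy\n",  # zone not defined
}

def default_zone(conf_text):
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "DefaultZone":
            return value.strip()
    raise ValueError("DefaultZone not set")

def zone_services(zone_xml):
    return {s.get("name") for s in ET.fromstring(zone_xml).findall("service")}

def resolve_zone(keyfile_text, zones, default):
    cp = configparser.ConfigParser()
    cp.read_string(keyfile_text)
    zone = cp.get("connection", "zone", fallback="").strip()
    if not zone:
        return default                       # zone not set: default zone
    return zone if zone in zones else None   # set and exists, else unresolved

def audit(connections, zones, conf_text, service="mdns"):
    """Map each connection to (effective zone, whether `service` is open there)."""
    default = default_zone(conf_text)
    report = {}
    for name, keyfile in connections.items():
        zone = resolve_zone(keyfile, zones, default)
        if zone is None:
            report[name] = ("unresolved", None)
        else:
            report[name] = (zone, service in zone_services(zones[zone]))
    return report

if __name__ == "__main__":
    for name, (zone, is_open) in audit(CONNECTIONS, ZONES, FIREWALLD_CONF).items():
        print(f"{name:12} zone={zone:10} mdns_open={is_open}")
```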




