On Tue, 2014-04-15 at 10:28 -0400, Christian Schaller wrote:
> ----- Original Message -----
> > From: "Reindl Harald" <h.reindl@xxxxxxxxxxxxx>
> > To: devel@xxxxxxxxxxxxxxxxxxxxxxx
> > Sent: Tuesday, April 15, 2014 11:40:20 AM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> >
> >
> > On 15.04.2014 11:32, drago01 wrote:
> > > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx>
> > > wrote:
> >
> > allow any random application to open an unprivileged
> > port which is reachable from outside is dangerous
> >
>
> We already allow that and have for a long while. Any application bothering
> to support the firewalld dbus interface can open any port they wish to.
>
> There was a long thread about this on the desktop mailing list, and I was
> not in the 'disable the firewall' camp in that discussion, but nobody in
> that thread or here has articulated how the firewall exactly enhances
> security in the situation where we at the same time need to allow each
> user to have any port they desire opened for traffic to make sure things
> like DLNA or Chromecast work.
>
> The thread discussing this ended up with mostly being a discussion if the
> firewall would be a useful way to help users from accidentally oversharing
> on a public network. Which is important and something we want to work on,
> but a lot less so than security issues.

There is plenty of prior art here.

What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you trust nothing
and everything is firewalled when you roam a new network.

firewalld should grow a NetworkManager plugin so that configuration can
be changed on the fly based on which network NM tells firewalld a
specific interface is connected to.

Applications need to be prevented from being able to arbitrarily open
ports, that should be allowed only for a "trusted" zone.
User intervention should be needed to mark a zone as trusted, in all
other zones the user will have to select explicitly what applications
are allowed.

So the big work here is in the UI you need to build to present these
configurations to the user.

Until then you can present a very simplified UI that just has a big
button/switch that turns everything from "untrusted" to "trusted", with
the default being "untrusted" of course.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
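
The zone model proposed in the message above, modelled as an added example (not code from the thread, firewalld or NetworkManager; the class, method, zone and network names are hypothetical). It shows the decision an application's port request would go through: unknown networks default to untrusted, only a user action changes trust, and a request succeeds only in a trusted zone or for an application the user explicitly allowed on that network.

```python
# Added illustration of the proposed policy; all names here are hypothetical
# and nothing below calls firewalld or NetworkManager.
from dataclasses import dataclass, field

UNTRUSTED, TRUSTED = "untrusted", "trusted"


@dataclass
class ZonePolicy:
    # network id (e.g. an SSID or connection UUID) -> zone chosen by the user
    zones: dict = field(default_factory=dict)
    # network id -> applications the user explicitly allowed on that network
    allowed_apps: dict = field(default_factory=dict)
    # interface -> network last reported for it
    active: dict = field(default_factory=dict)

    def zone_for(self, network):
        # A network never seen before is firewalled: the default is untrusted.
        return self.zones.get(network, UNTRUSTED)

    def interface_connected(self, iface, network):
        # Stand-in for the notification a NetworkManager plugin would send.
        self.active[iface] = network
        return self.zone_for(network)

    def set_zone(self, network, zone, user_confirmed):
        # Only an explicit user action may change trust; applications cannot.
        if zone not in (UNTRUSTED, TRUSTED):
            raise ValueError(f"unknown zone: {zone}")
        if not user_confirmed:
            raise PermissionError("changing a zone requires user intervention")
        self.zones[network] = zone

    def allow_app(self, network, app, user_confirmed):
        if not user_confirmed:
            raise PermissionError("allowing an app requires user intervention")
        self.allowed_apps.setdefault(network, set()).add(app)

    def may_open_port(self, iface, app):
        # Decision for an application asking to open a listening port.
        network = self.active.get(iface)
        if network is None:
            return False  # interface state unknown: deny
        if self.zone_for(network) == TRUSTED:
            return True
        return app in self.allowed_apps.get(network, set())
```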