2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl@xxxxxxxxxxxxx>:
MireAm 28.04.2014 18:52, schrieb Miloslav Trmač:
> No no no no no. If you want a firewall "integrated" /that/ way, you are really
> better of uninstalling it or opening it up; it serves no purpose.no, even if that way is completly wrong it's better than no firewall
as i have explained multiple times there may run software not from
the Fedora repos which opens ports unintentionally from the users
point of view and especially a user with no network expierience
will not realize that - and yes that software matters because
we are talking about a *operating system*
Well if the users' expectations were that the firewall doesn't "interfere" with Fedora applications, why would they expect it to "interfere" with non-Fedora applications?
the next thing is when it comes to malware opening ports
there are two types of malware:
* privilege escalation (you have lost)
* crap try to open a unprivileged port with user permissions
The second case is a subset of the first one anyway :)
And doesn't every malware know to make an _outgoing_ connection to an IRC server nowadays? Stopping malware by blocking incoming connections is fairly illusory IMHO.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
