Re: "Workstation" Product defaults to wide-open firewall

On Tue, Dec 09, 2014 at 12:09:23PM -0700, Pete Travis wrote:
> On Dec 9, 2014 12:06 PM, "Chuck Anderson" <cra@xxxxxxx> wrote:
> >
> > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote:
> > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" <cra@xxxxxxx> wrote:
> > > I should have said "ask firewalld for a port to be opened" - sorry, I
> > > thought that would come from the context.
> > >
> > > Are you saying bind() should be talking to firewalld, via some approval
> > > agent?  how do we make that happen?
> >
> > My point was that a firewall is superfluous if a program can just ask
> > firewalld to poke a hole in the firewall for it automatically, because
> > a program can already ask the system to open a listening port for it
> > using bind(2) (and listen(2) and accept(2)) when no firewall is
> > present.
> >
> > It means that in a world where automatic-hole-punching exists, the
> > only use of a firewall on the host is maybe to limit the SCOPE of such
> > communication, not whether such communication is allowed at all or
> > not.  This is where firewall zones come in.
> 
> Okay, one more thing on the ideal requirements list:  firewalld must not
> blindly approve all requests, there must be some approval mechanism.  What
> would that look like?

You either have a pre-approved policy of what is allowed and what is
not similar to how SELinux policy, PolicyKit rules, and the existing
firewall rule mechanisms work, you ask the user on each request,
similar to how some Windows firewalls work, or you ask the user when
they connect to a network which "zone" to associate that network with,
and use a pre-approved policy for each zone.  Zones can be "Home",
"Public", "Work", etc.  Windows does this as well.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
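The approval model Chuck sketches in the reply above (a pre-approved per-zone policy consulted when an application asks for a listening port, "ask the user" as the fallback, and the zone limiting the scope of who may reach the port) can be shown in working form. The following is an added example written for this page; it is not code from the thread, from firewalld, or from Fedora. The zone names, the pre-approved port lists, the source networks and the `ask_user` callback are constructed assumptions, and the rich-rule rendering mirrors firewalld's documented rich rule syntax without claiming to be its implementation.

```python
"""Zone-scoped approval policy for application port-open requests.

Added example (not code from the thread or from firewalld). It models the
approval mechanism described in the reply: a pre-approved policy per zone
("home", "work", "public"), a prompt-the-user fallback, and the zone
limiting the *scope* (source networks) of the traffic that is permitted.
All zone names, ports and networks below are constructed assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, FrozenSet, List, Tuple


class Decision(Enum):
    ALLOW = "allow"   # pre-approved by the zone policy
    DENY = "deny"     # explicitly refused by the zone policy
    ASK = "ask"       # not covered by policy: prompt the user


@dataclass(frozen=True)
class Request:
    """An application's request to have a listening port opened."""
    app: str
    port: int
    proto: str          # "tcp" or "udp"


@dataclass(frozen=True)
class ZonePolicy:
    """Pre-approved policy for one network zone (constructed values)."""
    name: str
    allowed: FrozenSet[Tuple[int, str]]   # (port, proto) pairs approved
    denied: FrozenSet[Tuple[int, str]]    # (port, proto) pairs refused
    scope: Tuple[str, ...]                # source networks allowed to reach us
    ask_on_unknown: bool                  # prompt for unlisted ports, or deny?


POLICIES: Dict[str, ZonePolicy] = {
    "home": ZonePolicy("home",
                       allowed=frozenset({(22, "tcp"), (5353, "udp")}),
                       denied=frozenset(),
                       scope=("192.168.1.0/24",),
                       ask_on_unknown=True),
    "work": ZonePolicy("work",
                       allowed=frozenset({(22, "tcp")}),
                       denied=frozenset({(5353, "udp")}),
                       scope=("10.0.0.0/8",),
                       ask_on_unknown=True),
    # "public": nothing pre-approved, no prompting, no reachable scope at all.
    "public": ZonePolicy("public",
                         allowed=frozenset(),
                         denied=frozenset(),
                         scope=(),
                         ask_on_unknown=False),
}


def decide(zone: str, req: Request) -> Decision:
    """Consult the zone's pre-approved policy; fall back to ASK or DENY."""
    pol = POLICIES[zone]
    key = (req.port, req.proto)
    if key in pol.denied:
        return Decision.DENY
    if key in pol.allowed:
        return Decision.ALLOW
    return Decision.ASK if pol.ask_on_unknown else Decision.DENY


def in_scope(zone: str, src_ip: str) -> bool:
    """The zone limits scope: only listed source networks may reach the port."""
    return any(ip_address(src_ip) in ip_network(net)
               for net in POLICIES[zone].scope)


def permits(zone: str, req: Request, src_ip: str,
            ask_user: Callable[[str, Request], bool]) -> bool:
    """Final answer for one incoming connection: policy (or user) approval
    AND the source address being within the zone's scope."""
    verdict = decide(zone, req)
    if verdict is Decision.ASK:
        verdict = Decision.ALLOW if ask_user(zone, req) else Decision.DENY
    return verdict is Decision.ALLOW and in_scope(zone, src_ip)


def rich_rules(zone: str, req: Request) -> List[str]:
    """Render an approved request as firewalld-style rich rules, one per
    scope network (syntax modelled on firewalld's rich rule language)."""
    return [f'rule family="ipv4" source address="{net}" '
            f'port port="{req.port}" protocol="{req.proto}" accept'
            for net in POLICIES[zone].scope]


if __name__ == "__main__":
    sshd = Request("sshd", 22, "tcp")
    web = Request("httpd", 8080, "tcp")
    always_yes = lambda zone, req: True
    for zone in POLICIES:
        print(zone, "sshd from LAN:",
              permits(zone, sshd, "192.168.1.10", always_yes),
              "| httpd from Internet:",
              permits(zone, web, "203.0.113.5", always_yes))
    print("\n".join(rich_rules("work", sshd)))
```

The point of `permits` is the one made in the thread: even when an application (or the user answering a prompt) gets the port approved, the zone still decides from which networks that port is reachable, so "public" stays closed regardless of how the request was answered.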