Hi, > > On the other hand, if you install something and it starts listening and > > you didn’t know that, > > If you install something from Fedora and it does that, then it's a bug in the > application. No. It's you solving your problem with gnome-user-share and declaring the fallout somebody elses problem so you can safely ignore it. > > You can also change the per-network zone. Unfortunately currently wired > > networks are all considered as one per interface, but wireless networks > > are distinguished individually. This can be done in a number of ways, > > but the easiest is to run the network configuration tool (in GNOME > > control center — press the overview key and start typing “network”), > > select the wifi network in question, press the little gear icon next to > > it, go down to Identity (?!), and choose the appropriate firewall zone. > > (Again, there’s a long list — go back to the firewall config tool to see > > exactly what they all do.) > > Thank you for pointing out the main reason why the zones can't ever be > a user-facing concept ;) The fact that the current GUI (and zone naming) sucks big time doesn't imply that the underlying concept is unusable. The big advantage of using firewall zones is that it works outside the gnome universe too. (1) Pulling the qemu/kvm vnc server example again, which you decided to not respond to last time I mentioned it. I want the guests vnc display be reachable in my home networks and not reachable in public networks. Doing it with the firewall works. (2) Heck, even the gnome-user-share UI shows that. Pick "Remote Login", notice that you can NOT select networks for sharing. Yes, I know why you can't pick networks for ssh. But this IMO clearly shows that the "just don't listen on untrusted networks" as distro-wide policy isn't going to fly. cheers, Gerd -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct