Am 20.12.2014 um 22:19 schrieb Michael Catanzaro:
On Sat, 2014-12-20 at 17:51 +0100, Mattia Verga wrote:Maybe I put it too simple, but instead of opening all high ports by default what about having firewall rules declared in RPMs for packages that need to have ports opened?Because we need to support applications that use random ports
first: you should not quote only parts and stop reading prematurewhat about first try to fix that applications instead burry the default firewall to make them happy - since networking is my daily job i see no single reason to design a *server* for listen on random ports and there is really no single reason to make security decisions based on *one* desktop and it's shipped applications
______________________________________you completly ignored the following paragraph, my guess is because "ask the user" is considered harmful by GNOME upstream
The alternative could be a "open approach" from Firewalld, where an application, when it's executed, can inform firewalld that needs to open a port, firewalld asks the user if it should grant access to the application and then opens the port... but this needs to be implemented in the source of every application, it can eventually be sponsored to become a standard in the linux world.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
