On 5.1.2015 15:57, Bastien Nocera wrote: > ----- Original Message ----- >> Björn Persson wrote: >>> I bet! I worry that the questions would quickly become annoying. But if >>> ports are going to be blocked by default, then there needs to be some >>> way for non-sysadmin users to open them. >> >> No, why? The ports just need to be closed, period. Non-sysadmin users >> shouldn't be allowed to open any ports. > > Which leads to users being frustrated at the default firewall, which leads to > them throwing in the towel and disabling the firewall altogether, leading to > worse security. Many people claim this AFAIK nobody posted link to an article/any hard data about this. (I'm not saying that this statement is not correct, I'm saying that I don't have reason to believe it without hard data.) IMHO solution to this problem is what Stephen Gallagher proposed in other part of this thread: > I'd argue that something similar to the SELinux Troubleshooter would be > a useful solution here, if interfaces could be added to support it. -- Petr^2 Spacek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
