Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Well the thing is, blocknig ports tends to break applications that want to use those ports. We're not going to do that, period. It also doesn't really accomplish anything: either your app or service needs network access and you have whitelisted it (in which case the firewall provides no security), or it needs network access and you have not whitelisted it (in which case your firewall breaks your app/service). In no case does it increase your security without breaking your app, right? Unless you have malware installed (in which case, you have bigger problems than the firewall). Or unless you have a vulnerable network service installed that you don't want (in which case, uninstall it).

So if you want to change the firewall settings, you'd need to completely rethink how the firewall works. And nobody seems interested in doing that. We could e.g. have a list of apps th at are allowed network access, but then we'd need some form of attestation so apps can't impersonate each other. So only sandboxed (flatpaked) apps could use this hypothetical new firewall. And we surely don't want to have yes/no permission prompts, so we can't really ask the user "do you want your app to access the network?" (the user will almost always say yes). I'm not really sure what design would even work.

Avoiding unnecessary network services makes more sense.

On Mon, Aug 26, 2019 at 3:45 PM, Alexander Ploumistos <alex.ploumistos@xxxxxxxxx> wrote:

Thanks for dredging up these links!

Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux