On Monday, August 26, 2019 7:25:27 AM MST Iñaki Ucar wrote:
> On Mon, 26 Aug 2019 at 15:25, Robert Marcano <robert@xxxxxxxxxxxxxxxxx> wrote:
> >
> > On 8/26/19 9:07 AM, mcatanzaro@xxxxxxxxx wrote:
> > >
> > > Well the thing is, blocking ports tends to break applications that want
> > > to use those ports. We're not going to do that, period. It also doesn't
> > > really accomplish anything: either your app or service needs network
> > > access and you have whitelisted it (in which case the firewall provides
> > > no security), or it needs network access and you have not whitelisted it
> > > (in which case your firewall breaks your app/service). In no case does
> > > it increase your security without breaking your app, right? Unless you
> > > have malware installed (in which case, you have bigger problems than the
> > > firewall). Or unless you have a vulnerable network service installed
> > > that you don't want (in which case, uninstall it).
> >
> > This is a reasonable point of view, until you notice Linux desktop
> > environments don't provide applications with a method to detect if they
> > are running on a private network or not (See Windows Home, Office,
> > Internet network settings).
>
> That's a very good point. When Windows connects to a new network, it
> asks whether it's a home connection (and then you want to share
> resources in the network) or it's a public connection (and everything
> should stay private). And I think that, if the user simply ignores the
> notification, the default is to consider it a public network (not 100%
> sure though). That's a good policy I think, and it would be great if
> NetworkManager could do that.
>
> I understand mcatanzaro's point of view, but it's quite narrow,
> because laptops not only connect to home networks to share resources,
> but also to many insecure public WiFis. I don't think we should rely
> on chasing upstream developers to behave in a *possibly* insecure
> environment. The system should abstract this for them and set proper
> firewall rules.
>
> Iñaki
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

Keep in mind that even Windows doesn't address the use case where you set it to Home or Business, or whatever the private setting is, and then plug in a connection to a public network. It thinks it's still the same.

--
John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx>
Splentity
https://splentity.com/