Not to mention that firewalld has the concept of services. I never have to know a port number to expose a service if it's defined. `firewall-cmd --add-service=postgresql`... that could just as well be done with a UI without ever showing a port number to a user. If applications that need ports exposed to work in some circumstances have well written service files it should be a non-issue. On Tue, Aug 27, 2019 at 8:56 AM Dan Book <grinnz@xxxxxxxxx> wrote: > > On Tue, Aug 27, 2019 at 8:10 AM <mcatanzaro@xxxxxxxxx> wrote: >> >> On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx> wrote: >> >> No, that is not how this works, at all. First, let's go ahead and address the idea that "if the firewall blocks it, the app breaks, so it's the firewall's fault": It's not. If the firewall has not been opened, that just means it can't be accessed by remote systems until you EXPLICITLY open that port, with the correct protocol, on your firewall. That's FINE. That's how it's designed to work. There's nothing wrong with that. This means that the system administrator (or owner, if this is some individual's personal system) must allow the port to be accessed remotely, before the app can be reached remotely, increasing the security of the system. >> >> >> You've already lost me here. Sorry, but we do not and will not install a firewall GUI that exposes complex technical details like port numbers. Expecting users to edit firewall rules to use their apps is ridiculous and I'm not really interested in debating it. >> >> If the user is capable of editing firewall rules and wants to do so, that user can surely also change the policy to not open all these ports. Yes? > > > That Gnome is intentionally sabotaging users and thinks they are too stupid to understand a port number associated with a service is just another example why I wish that Fedora and Redhat would put work into alternative desktops. > > -Dan > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx -- Jason Montleon | email: jmontleo@xxxxxxxxxx Red Hat, Inc. | gpg key: 0x069E3022 Cell: 508-496-0663 | irc: jmontleo / jmontleon _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
