Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Not to mention that firewalld has the concept of services. I never
have to know a port number to expose a service if it's defined.
`firewall-cmd --add-service=postgresql`... that could just as well be
done with a UI without ever showing a port number to a user.

If applications that need ports exposed to work in some circumstances
have well written service files it should be a non-issue.

On Tue, Aug 27, 2019 at 8:56 AM Dan Book <grinnz@xxxxxxxxx> wrote:
>
> On Tue, Aug 27, 2019 at 8:10 AM <mcatanzaro@xxxxxxxxx> wrote:
>>
>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx> wrote:
>>
>> No, that is not how this works, at all. First, let's go ahead and address the idea that "if the firewall blocks it, the app breaks, so it's the firewall's fault": It's not. If the firewall has not been opened, that just means it can't be accessed by remote systems until you EXPLICITLY open that port, with the correct protocol, on your firewall. That's FINE. That's how it's designed to work. There's nothing wrong with that. This means that the system administrator (or owner, if this is some individual's personal system) must allow the port to be accessed remotely, before the app can be reached remotely, increasing the security of the system.
>>
>>
>> You've already lost me here. Sorry, but we do not and will not install a firewall GUI that exposes complex technical details like port numbers. Expecting users to edit firewall rules to use their apps is ridiculous and I'm not really interested in debating it.
>>
>> If the user is capable of editing firewall rules and wants to do so, that user can surely also change the policy to not open all these ports. Yes?
>
>
> That Gnome is intentionally sabotaging users and thinks they are too stupid to understand a port number associated with a service is just another example why I wish that Fedora and Redhat would put work into alternative desktops.
>
> -Dan
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx



-- 
Jason Montleon        | email: jmontleo@xxxxxxxxxx
Red Hat, Inc.         | gpg key: 0x069E3022
Cell: 508-496-0663    | irc: jmontleo / jmontleon
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux