Re: Fedora Workstation and disabled by default firewall

> That's all it takes: a small green/red switch, saying
> trusted/untrusted, and mapped to the proper firewalld zones. You don't
> need firewall-config, you don't even need to know there's such a thing
> as a "firewall" behind the scenes. You only know that home is trusted,
> other places are untrusted.
> 
> Iñaki

I'm just a concerned user, but have a couple of points (which are possibly slightly contradictory).

- I run a laptop (FC31 base install with Sway WM) which travels with me for work. I haven't installed any application which opens a port bound to any other interface than localhost, so I trust there isn't an open port on this machine, therefore rendering a firewall moot. I use WireGuard on any foreign network I connect to.

- However, if I did install an application which had server functionality or required an open port, as an advanced user (by definition I think if/when installing an app like that) I would assume the knowledge that I'd need to open a firewall was implicit.

- At home, my desktop runs FC30 and my server runs Debian 9 (for historical reasons). If I run services from those machines, a port needs to be opened, and I would not dream of running an always-connected machine on a static IP with open ports without a firewall. 

The point I'm making is that a road-warrior's laptop has different requirements than a server or desktop/workstation, and that while there are differing security requirements inherent in different use-cases, security by default would be my personal preference (i.e. no open ports, or no apps opening ports in a default install).

If an app is installed that requires an open port, this would be better done during the install (preferably with feedback) or the firewall should be smart enough to identify a blocked access and alert the user. The difficulty is how to do this across disparate WMs/DEs or from the command line, but I think this is the best approach to take.

Regards,

Ryan