What I HATE about F11

Bruno Wolff III bruno at wolff.to
Sun Jun 14 19:01:03 UTC 2009


On Sun, Jun 14, 2009 at 20:08:31 +0200,
  Lennart Poettering <mzerqung at 0pointer.de> wrote:
> 
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.

The point of the firewall is to block connections to services that are
only supposed to be connected to from trusted locations. This may be things
you are testing, things you don't intend to be running, things that don't
bind to 127.0.0.1 instead of 0.0.0.0 even though they are intended to be
accessed from the local machine, or services that you only want to accept
connections from a whitelist of IP addresses.
