Networking and the firewall (Was Re: Isn't it time for the encrypted file system???)
Alan Cox
alan at redhat.com
Tue Mar 28 10:35:13 UTC 2006

On Tue, Mar 28, 2006 at 09:51:29AM +0200, Alexander Larsson wrote:
> I must say I'm slightly bothered by the "let's have the apps punch holes
> in the firewall" approach. If any app can open holes in the firewall,
> what use is the firewall then? It will only be protecting ports that no
> application is listening to.

The proposal I made (umm dig, dig deep through archives 4 years ago) was
that the firewall tool has an interface allowing applications to add holes
and to deal with holes but that the config tool for the app would always
ask when it seemed relevant
e.g.

	You have just enabled network printing

	Currently your firewall only permits local
	access for printing

	Would you like to configure the firewall
	to allow network printer access

	Allow All     Customize     Deny All

And also use the same hooks so that rpm -e deinstalls the firewall hole and
closes it.
Punching holes in general otherwise is dangerous.