Re: Browser mode for nautilus

On Mon, 2008-10-27 at 19:21 +0000, Rui Tiago Cação Matos wrote:
> 2008/10/27 seth vidal <skvidal fedoraproject org>:
> >> Just disable the firewall (service iptables stop)? That's what I do
> >> anyway. IMNSHO, these days the firewall is a relic from the 1990's era.
> >> It breaks at least mDNS (e.g. .local name resolution), gnome-user-share,
> >> banshee/rhythmbox etc. music sharing. I also think we should
> >> disable the firewall for the desktop spin.
> >>
> >
> > That's outrageously dangerous.
> Please tell us why then. I also disable the firewall services since I
> don't have any TCP servers listening to the outside world.

We have a number of applications that end up listening on random ports.
At which point the system (or sometimes just the user) is vulnerable to
whatever those daemons are vulnerable to.

If the firewall is on and set up to deny all, allow few, then we're
markedly safer for the odd port-listening daemons.

If the process needs to be able to listen on an external port then that
needs to be enabled separately. You don't just turn off all the rules as
a solution.
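
Added example, not part of the original message: a small audit that finds the "odd port-listening daemons" the reply refers to, by parsing `/proc/net/tcp`-format text and reporting TCP listeners bound to non-loopback addresses on ports outside an allow list. The sample table and the allow list are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:E1F3 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1003 1
   3: 0A00000A:9C40 0A000001:01BB 01 00000000:00000000 00:00000000 00000000   500        0 1004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_listeners(proc_text, allowed_ports):
    """Return (ip, port, uid) for listeners reachable from off-host
    whose port is not in allowed_ports (the 'allow few' set)."""
    findings = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue  # malformed row or not a listening socket
        ip, port = decode_addr(cols[1])
        if ipaddress.ip_address(ip).is_loopback:
            continue  # only reachable from the local machine
        if port not in allowed_ports:
            findings.append((ip, port, int(cols[7])))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: only SSH (22) is meant to be reachable.
    for ip, port, uid in exposed_listeners(SAMPLE, {22}):
        print(f"unexpected listener {ip}:{port} owned by uid {uid}")
```

On a live Linux host the same function can be given the contents of `/proc/net/tcp`; anything it reports is a port that a deny-all, allow-few rule set would be shielding.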


