Network Printing + Firewall..

Matthias Clasen mclasen at redhat.com
Wed Nov 11 13:40:10 UTC 2009


On Wed, 2009-11-11 at 10:47 +0100, Gianluca Sforna wrote:
> On Tue, Nov 10, 2009 at 1:25 PM, Matthias Clasen <mclasen at redhat.com> wrote:
> > On Tue, 2009-11-10 at 07:27 +0000, "Jóhann B. Guðmundsson" wrote:
> >> Greetings...
> >>
> >> Any reason why scanning the network for printers is blocked in firewall
> >> on the desktop live cd after install ( tested with 09/11/09  i686 iso)
> >> or is this something we missed?
> >>
> >
> > The firewall is an unsolved issue. We considered just turning it off for
> > F12 (as some have advocated), but didn't have the courage to do it in
> > the end. It is one of the bigger problems we have to tackle soon. It not
> > only torpedoes printing, it also sabotages file sharing, music sharing,
> > and so on.
> 
> Would something like the SELinux troubleshooter (BTW, I just love the
> F12 one, kudos to the developers), catching denials generated by the
> firewall and presenting the user a dialog to allow pinching the
> appropriate ports, be a worthwhile project to pursue? Maybe something like
> this does exist somewhere?

That is what most developers immediately think of as the 'solution' to
this issue. But it is not a solution, really. It is moving the problem
to the user and asking him to make decisions he is not ready to make.

What would you answer if a dialog spontaneously pops up that says


Program /usr/bin/greqrml wants to listen on port 978. This may be
dangerous.   
                               [Allow][Deny][No idea, you decide]


A better approach would be to use information about the 'network
environment' and make decisions based on that. E.g. allow rhythmbox to
share music on your home network, but not in the coffee shop. Of course,
this needs information about the 'trust level' or privacy of the
network.


Matthias



