Re: RFE: FireKit

On Fri, Jul 24, 2009 at 10:34 AM, Colin Walters <walters verbum org> wrote:
> Backing up a minute, in discussions among the desktop team and other
> people about this, one thing that came up as a specific problem with
> having no firewall at all was the "public WiFi hotspot" case.  If for
> example I enable desktop sharing before leaving work, then head to the
> airport, and log on there to WiFi, you really don't want the desktop
> sharing still enabled.  Nor likely do you want sshd.
> In most of the other cases I can think of though, the firewall is
> either a hindrance (trusted network at home or office), or pointless
> (connected via 3G modem).
> Which leads me to think that rather than being based on individual
> ports and time, we just need a nice way to globally toggle the
> firewall.  And that could come down to marking networks as explicitly
> trusted in NetworkManager, say.

Might we want to look at having "firewall profiles" such that
different sets of rules can be applied based on environment?

Also, is this planned to modify /etc/sysconfig/iptables and just
restart the service or is the plan to take a FireStarter approach and
be a substitute for /etc/sysconfig/iptables?


