[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: What I HATE about F11

Lennart Poettering <mzerqung 0pointer de> wrote:


> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.

Not entirely.

> I still think that the current firewall situation on Fedora is pretty
> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.

Strange... I've rarely had any reason to futz around with the firewall
here. Neither with SELinux, at least for a long while now.

> Fedora is the only big distro that enables a firewall by default and
> thus creates a lot of trouble for many users. I think I mentioned that
> before, and I can only repeat it here: we should not ship a firewall
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.

True. But "another layer of security" /is/ a good idea, most of the time.
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000       Fax:  +56 32 2797513

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]