From Fedora Project Wiki
Latest revision as of 18:55, 15 August 2015
The problem with a static firewall, such as the one Fedora currently ships with iptables/system-config-firewall, is that it actively interferes with many things that users want to do with their desktops:
- mDNS related sharing:
  - Discovering any remote services (music, screen, printer, etc. shares and .local hosts)
  - Music sharing (via DAAP, in Rhythmbox, Banshee, etc.)
  - Personal File sharing (WebDAV, through gnome-user-share)
  - Desktop sharing (VNC, through vinagre)
  - Remote disk management (udisks and gnome-disk-utility)
  - Local network chats (Pidgin, Empathy)
- UPnP related:
  - DLNA music/movies/photos sharing (in Rygel, mediatomb, etc.)
- Other:
  - Automatic discovery of printers and other services (CUPS specific)
  - ssh
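To see which of the services above a given static ruleset actually blocks, the following added example (not part of the original wiki page or of any Fedora tool) walks `iptables -S INPUT` output with a simplified first-match evaluator. The port numbers, the sample ruleset and the function names are assumptions introduced here; only the `-i lo`, `-p`, `--dport` and `--state` matches and the ACCEPT/DROP/REJECT targets are modelled, and jumps to user-defined chains are not followed.

```python
import shlex

# Well-known ports for services the page lists (port numbers are added here,
# they do not appear on the page).
SERVICES = {
    "mDNS discovery (Avahi)": ("udp", 5353),
    "DAAP music sharing": ("tcp", 3689),
    "VNC desktop sharing": ("tcp", 5900),
    "UPnP/DLNA discovery (SSDP)": ("udp", 1900),
    "CUPS printer browsing": ("udp", 631),
    "ssh": ("tcp", 22),
}

# Constructed sample in `iptables -S INPUT` format: a static ruleset that
# admits only ssh and rejects every other new inbound connection.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def _opt(tok, flag):
    return tok[tok.index(flag) + 1] if flag in tok else None

def verdict(rules_text, proto, port):
    """First-match verdict for a NEW inbound packet on a non-loopback interface."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policy = tok[2]          # chain policy applies if no rule matches
        if tok[:1] != ["-A"]:
            continue
        state, dport = _opt(tok, "--state"), _opt(tok, "--dport")
        if _opt(tok, "-i") == "lo" or _opt(tok, "-p") not in (None, proto):
            continue                 # loopback-only rule or wrong protocol
        if state and "NEW" not in state.split(","):
            continue                 # rule only covers established traffic
        lo, _, hi = (dport or "").partition(":")
        if dport and not int(lo) <= port <= int(hi or lo):
            continue                 # single port or lo:hi range mismatch
        if _opt(tok, "-j") in ("ACCEPT", "DROP", "REJECT"):
            return _opt(tok, "-j")
    return policy

def blocked_services(rules_text):
    """Names of listed desktop services that the ruleset does not accept."""
    return sorted(n for n, (p, d) in SERVICES.items()
                  if verdict(rules_text, p, d) != "ACCEPT")
```

On a real system the input would come from `iptables -S INPUT` run as root; the result shows which holes an application would have to ask for.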
Possible ways to improve the situation are:
- Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
- Allow applications to poke holes in the firewall, under user-control
- Handle different situations differently: no firewall when on the trusted 'home network', but strict firewall when using coffee shop wifi
Related bugs
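- Bug 179187 - gnome-user-share stymied by firewall (https://bugzilla.redhat.com/show_bug.cgi?id=179187)
- Bug 444427 - Avahi blocked by Firewall (https://bugzilla.redhat.com/show_bug.cgi?id=444427)
- Bug 440469 - RFE: Firewall: PolicyKit integration for desktop applications (https://bugzilla.redhat.com/show_bug.cgi?id=440469)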
Other OSes
- Ubuntu's firewall is disabled by default (https://help.ubuntu.com/9.04/serverguide/C/firewall.html)
- Mandriva's firewall has the same problem as Fedora's (they use shorewall)