From Fedora Project Wiki

Latest revision as of 18:55, 15 August 2015

The problem with a static firewall, such as the one Fedora currently ships with iptables/system-config-firewall, is that it actively interferes with a lot of things that users want to do with their desktops:

  • mDNS-related sharing:
    • Discovering any remote services (music, screen, printer, etc. shares and .local hosts)
    • Music sharing (via DAAP, in Rhythmbox, Banshee, etc.)
    • Personal File sharing (WebDAV, through gnome-user-share)
    • Desktop sharing (VNC, through vinagre)
    • Remote disk management (udisks and gnome-disk-utility)
    • Local network chats (Pidgin, Empathy)
  • UPnP-related:
    • DLNA music/movies/photos sharing (in Rygel, mediatomb, etc.)
  • Other:
    • Automatic discovery of printers and other services (CUPS specific)
    • ssh

Possible ways to improve the situation are:

  • Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
  • Allow applications to poke holes in the firewall, under user control
  • Handle different situations differently: no firewall when on the trusted 'home network', but a strict firewall when using coffee shop Wi-Fi
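
The third option, sketched as an added example (not part of the wiki page or of any Fedora tool): a script that prints an iptables-restore ruleset chosen by network trust level. The profile names and the port list are assumptions made for this sketch, and the trusted profile opens only the listed fixed-port services rather than removing the firewall entirely.

```sh
#!/bin/sh
# Added example: print (never apply) an iptables-restore ruleset for a trust level.
# Profile names "trusted"/"untrusted" and this port list are assumptions.

# Services from the list above that use fixed, well-known ports (proto:port:name).
# gnome-user-share's WebDAV port is dynamic, so it cannot be listed here.
DESKTOP_SERVICES="udp:5353:mDNS
tcp:3689:DAAP
tcp:5900:VNC
udp:1900:SSDP
udp:631:CUPS-browsing
tcp:22:ssh"

emit_ruleset() {
    profile=$1
    case "$profile" in
        trusted|untrusted) ;;
        *) echo "unknown profile: $profile" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened. Multicast mDNS/SSDP answers do
    # not match this rule, which is why discovery breaks on the strict profile.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$profile" = trusted ]; then
        echo "$DESKTOP_SERVICES" | while IFS=: read -r proto port name; do
            echo "-A INPUT -p $proto --dport $port -m comment --comment \"$name\" -j ACCEPT"
        done
    fi
    echo "COMMIT"
}

# Stand-alone use: ./ruleset.sh trusted | iptables-restore --test
if [ "$#" -gt 0 ]; then emit_ruleset "$1"; fi
```

Whatever decides which profile applies (for example, a network manager hook) is outside this sketch; the point is that the untrusted ruleset contains no inbound service rules at all.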

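Related bugs

  • Bug 179187 - gnome-user-share stymied by firewall (https://bugzilla.redhat.com/show_bug.cgi?id=179187)
  • Bug 444427 - Avahi blocked by Firewall (https://bugzilla.redhat.com/show_bug.cgi?id=444427)
  • Bug 440469 - RFE: Firewall: PolicyKit integration for desktop applications (https://bugzilla.redhat.com/show_bug.cgi?id=440469)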

Other OSes

  • Ubuntu's firewall is disabled by default (https://help.ubuntu.com/9.04/serverguide/C/firewall.html)
  • Mandriva's firewall has the same problem as Fedora's (they use shorewall)