From Fedora Project Wiki
Revision as of 16:51, 12 April 2010
The problem with a static firewall, such as the one Fedora currently ships with iptables/system-config-firewall, is that it actively interferes with a lot of things that users want to do with their desktops:
- mDNS-related sharing:
  * Music sharing (via DAAP, in Rhythmbox, Banshee, etc.)
  * Personal File sharing (WebDAV, through gnome-user-share)
  * Desktop sharing (VNC, through vinagre)
  * Remote disk management (udisks and gnome-disk-utility)
  * Local network chats (Pidgin, Empathy)
- UPnP-related:
  * DLNA music/movies/photos sharing (in Rygel, mediatomb, etc.)
- Other:
  * Automatic discovery of printers and other services (CUPS specific)
  * ssh
Possible ways to improve the situation are:
- Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
- Allow applications to poke holes in the firewall, under user control.
- Handle different situations differently: no firewall when on the trusted 'home network', but a strict firewall when using coffee shop wifi.
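A sketch of how the second and third options could combine, as an added example that is not Fedora code: user-approved holes are opened only on a trusted network and only for the local subnet, while an untrusted network gets the same default-deny ruleset with no holes. The function name, the service keys and the two trust labels are assumptions; the ports are the standard ones for the protocols listed above.

```python
import ipaddress

# Standard ports for services named on this page: (protocol, port, multicast group)
SERVICES = {
    "mdns": ("udp", 5353, "224.0.0.251"),      # Avahi / mDNS discovery
    "ssdp": ("udp", 1900, "239.255.255.250"),  # UPnP / DLNA discovery
    "daap": ("tcp", 3689, None),               # music sharing
    "vnc":  ("tcp", 5900, None),               # desktop sharing
    "ipp":  ("tcp", 631, None),                # CUPS printing
    "ssh":  ("tcp", 22, None),
}
TRUST_LEVELS = ("trusted", "untrusted")        # hypothetical labels


def build_ruleset(trust, local_net, approved):
    """Return iptables-restore text for the filter table.

    trust     -- "trusted" (home network) or "untrusted" (coffee shop wifi)
    local_net -- CIDR of the attached network, e.g. "192.168.1.0/24"
    approved  -- service keys the user has agreed to expose
    """
    if trust not in TRUST_LEVELS:
        raise ValueError(f"unknown trust level: {trust!r}")
    net = ipaddress.ip_network(local_net)      # ValueError on malformed CIDR
    unknown = set(approved) - SERVICES.keys()
    if unknown:
        raise ValueError(f"unknown services: {sorted(unknown)}")

    rules = [
        "*filter",
        ":INPUT DROP [0:0]",                   # default deny inbound
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    if trust == "trusted":
        for name in sorted(approved):
            proto, port, mcast = SERVICES[name]
            dest = f" -d {mcast}" if mcast else ""
            # Each hole is limited to senders on the local subnet.
            rules.append(
                f"-A INPUT -s {net}{dest} -p {proto} --dport {port} "
                f"-m comment --comment hole:{name} -j ACCEPT"
            )
    # On an untrusted network the approved list is deliberately ignored.
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"
```

The returned text is in the format `iptables-restore` reads; the comment tag on each hole makes it easy to audit which openings came from user approval.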