Fedora 21 and its Workstation firewall
Fedora 21 and its Workstation firewall
Posted Dec 19, 2014 3:02 UTC (Fri) by ebassi (subscriber, #54855)In reply to: Fedora 21 and its Workstation firewall by raven667
Parent article: Fedora 21 and its Workstation firewall
Isn't one of the big features of the new firewalld that it offers an API? So wouldn't it make sense for apps that do sharing to programmatically add their rules to the firewall based on the positive user action of turning the sharing feature on?
firewalld is basically Fedora-only, and it would require explicitly coding for it. I also don't know how much stable the interfaces are.
the main reason why I would not really like apps poking holes in the firewall is because I don't trust applications; the second reason would be that in order to poke a hole in the firewall from a user-launched application would be through a privilege escalation, and that requires constant, nagging, consent — which is the worst. yes, "authorize and remember forever" is a possibility, but then you need to train the users on how to revoke their consent, and that's another can of worm, because now you need two separate UIs and why is everything full of bees…
setting the trust level of the network, on the other hand, sounds like a better use of my time as both a user with stuff to get done, and as a developer, with other stuff to get done. I may understand that it does not require weird nerd shibboleth stuff, like port ranges during the installation, but I count that in the plus column.
Posted Dec 19, 2014 18:13 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
I wonder what Android does in this case, does it use the local packet filter or is it just very conscious about services listening on ports.
Fedora 21 and its Workstation firewall