On Tue, 27 Aug 2019 at 09:40, <mcatanzaro(a)gnome.org> wrote:
> If there is a separate team of firewall developers that would be interested in writing a
> new style of firewall, then I'm sure the WG would be happy to reopen discussion of the
> issue, including a discussion of requirements, etc. But I highly doubt anybody will be
> interested in this effort to reenable a stricter firewalld configuration. This doesn't
> seem like a serious effort to think about how a firewall could be useful, it just seems
> like an effort to break software.

There's no need to write "a new style of firewall". It would be as
easy as asking the user once whether a new connection is trusted or
not. That's it. Users would be one click away from the same
functionality they have now in trusted networks (everything just
works) and would be otherwise protected in untrusted networks.
Network zones were one huge step towards a great trade-off between
usability and security. Opening almost all ports by default is two
steps backwards.
Iñaki