Mattia Verga wrote:
Since I'm not good to write complex sentences in English, here is
a
schema that explains how I think firewalld should work as I wrote in
the previous post.
A "trusted app" to me would mean that I trust that it's secure enough
to communicate even on *untrusted* networks. I don't usually trust any
network, but in the rare cases when I do, I'll let any bug-ridden junk
communicate because I'm confident that there isn't anything on the
network that will exploit any security holes. If Gnome-user-share (your
example) can't be trusted on untrusted networks, then including it in a
"trusted app list" seems very wrong. Since you didn't even give the user
an option to allow Gnome-user-share to communicate on the untrusted
network, your list seems more ĺike a list of known defective apps.
--
Björn Persson