On Mon, 2010-12-06 at 20:34 +0100, Miloslav Trmač wrote:
It's not, but we don't really have "personal installs"; any system can
be a desktop, a server, or both at the same time.
Agreed - I think the case being described by Jesse, though, is the
livecd case. That's what the 'personal install' seems to be to me. In
that case the livecd kickstart can turn off the iptables, if it so
chooses. I'd recommend against it.
SIP? Desktop sharing? An incoming connection won't be able to come
through the ADSL modem's NAT anyway, so some kind of tunneling or an
external service broker (which turns the connection from incoming into
outgoing, enabled by default) is needed.
It may be just me, but really can't remember a single example when the
firewall has broken something for me, at least in the last 10 years.
I'll add a +1 to this, too. The only client having trouble I can think
of in forever is BitTorrent, and that wasn't my firewall; it was my
wireless router.
Having iptables on just keeps out the port probes when you're on a
public network - the way ours is configured in Fedora makes it pretty
easy for most client apps.
-sv