On 20.12.2014 at 22:19, Michael Catanzaro wrote:
On Sat, 2014-12-20 at 17:51 +0100, Mattia Verga wrote:
> Maybe I put it too simple, but instead of opening all high ports by
> default what about having firewall rules declared in RPMs for
> packages
> that need to have ports opened?
Because we need to support applications that use random ports
first: you should not quote only parts and stop reading prematurely
what about first trying to fix those applications instead of burying the default
firewall to make them happy - since networking is my daily job I see no
single reason to design a *server* to listen on random ports and there
is really no single reason to make security decisions based on *one*
desktop and its shipped applications
______________________________________
you completely ignored the following paragraph, my guess is because "ask
the user" is considered harmful by GNOME upstream
The alternative could be an "open approach" from Firewalld, where an
application, when it's executed, can inform firewalld that it needs to open
a port, firewalld asks the user if it should grant access to the
application and then opens the port... but this needs to be implemented
in the source of every application, it can eventually be sponsored to
become a standard in the Linux world.