Not to mention that firewalld has the concept of services. I never
have to know a port number to expose a service if it's defined.
`firewall-cmd --add-service=postgresql`... that could just as well be
done with a UI without ever showing a port number to a user.

If applications that need ports exposed to work in some circumstances
have well-written service files, it should be a non-issue.

On Tue, Aug 27, 2019 at 8:56 AM Dan Book <gri...@gmail.com> wrote:
>
> On Tue, Aug 27, 2019 at 8:10 AM <mcatanz...@gnome.org> wrote:
>>
>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris <joh...@splentity.com> wrote:
>>
>> No, that is not how this works, at all. First, let's go ahead and address 
>> the idea that "if the firewall blocks it, the app breaks, so it's the 
>> firewall's fault": It's not. If the firewall has not been opened, that just 
>> means it can't be accessed by remote systems until you EXPLICITLY open that 
>> port, with the correct protocol, on your firewall. That's FINE. That's how 
>> it's designed to work. There's nothing wrong with that. This means that the 
>> system administrator (or owner, if this is some individual's personal 
>> system) must allow the port to be accessed remotely, before the app can be 
>> reached remotely, increasing the security of the system.
>>
>>
>> You've already lost me here. Sorry, but we do not and will not install a 
>> firewall GUI that exposes complex technical details like port numbers. 
>> Expecting users to edit firewall rules to use their apps is ridiculous and 
>> I'm not really interested in debating it.
>>
>> If the user is capable of editing firewall rules and wants to do so, that 
>> user can surely also change the policy to not open all these ports. Yes?
>
>
> That GNOME is intentionally sabotaging users and thinks they are too stupid 
> to understand a port number associated with a service is just another example 
> of why I wish that Fedora and Red Hat would put work into alternative desktops.
>
> -Dan
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org



-- 
Jason Montleon        | email: jmont...@redhat.com
Red Hat, Inc.         | gpg key: 0x069E3022
Cell: 508-496-0663    | irc: jmontleo / jmontleon
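
The service-file idea from the message above, as an added example that is not part of the original post or firewalld's own code: a service definition carries a human-readable label plus the ports it opens, so a UI can show only the label while the ports are still validated. The XML samples are constructed in firewalld's service-file layout, and `exampleapp` and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples in firewalld's service-file XML layout; "Example App"
# and its ports are hypothetical.
POSTGRESQL_XML = """<service>
  <short>PostgreSQL</short>
  <description>PostgreSQL database server</description>
  <port protocol="tcp" port="5432"/>
</service>"""

EXAMPLEAPP_XML = """<service>
  <short>Example App</short>
  <description>Hypothetical app with a port range and a UDP port</description>
  <port protocol="tcp" port="8000-8010"/>
  <port protocol="udp" port="8000"/>
</service>"""

VALID_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}


def parse_port(spec):
    """Return (low, high) for "5432" or "8000-8010"; raise on bad input."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {spec!r}")
    return low, high


def load_service(xml_text):
    """Parse one service definition into a label and the ports it opens."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a service definition")
    ports = []
    for el in root.findall("port"):
        proto = el.get("protocol", "")
        if proto not in VALID_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        ports.append((proto, *parse_port(el.get("port", ""))))
    return {
        "label": root.findtext("short", "").strip(),  # all a UI has to show
        "description": root.findtext("description", "").strip(),
        "ports": ports,  # what actually gets opened, as (proto, low, high)
    }
```

A reviewer of a packaged service file can diff the `ports` list against what the application documents, since that list is the exposure the label stands for.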